{C_mall_doo, 7.0 ‘Template: CSE Arendetyp: 6 Diarienummer: 10FMV8575-35:1 FMV & Dokument ID CB-015 gr Va” CSEC Swedish Certification Body for IT Security Certification Report - PP Information Gateway Issue: 2.0, 2011-12-14 Report Distribution: FMV/Ak Led (Thomas Dahlbeck) atsec information security AB (Rasma M. Araby) Combitech AB (Anders Staaf) FMV/CSEC(Mikael Äkerholm, Helen Svensson) Arkiv Uncontrolled copy when printed Swedish Certification Body for IT Security Certification Report - PP Information Gateway Table of Contents Identification Executive Summary Security Related Qualities Evaluation Results Acronyms Oar wn a References 10FMV8575-35:1 Draft 1.3 CB-015 2011-02-09 2 (8) ON oar w Swedish Certification Body for IT Security Certification Report - PP Information Gateway 1 Identification Certification ID CSEC 2011002 Identification of the certi- fied PP PP Information Gateway Assurance Package EAL 4, augmented by ALC_FLR.1. Sponsor FMV Ak Led, Banérgatan 62, 115 88 Stockholm PoC: Thomas Dahlbeck ITSEF atsec information security AB, Svärdvägen 11, 182 33 Danderyd Common Criteria version 3.1, Revision 3, Final CEM version 3.1, Revision 3, Final Certification completion date 2011-11-14 10FMV8575-35:1 CB-015 Draft 1.3 2011-02-09 3 (8) Swedish Certification Body for IT Security Certification Report - PP Information Gateway 2 Executive Summary This report describes the Protection Profile Evaluation certification by the certification body on the evaluation results applied with requirements of the APE (Protection Profile Evaluation) assurance class of the Common Criteria for information Security Evaluation in relation to PP Information Gateway. This report describes the evaluation results and its soundness and con- firmity. The TOE (TOE is the product described in the PP) is a content filtering device for IP and TCP/UDP traffic between networks. The TOE is a stand-alone device consisting of hard- and software. The external entities, Log System and Administration Node, are required as to provide support for reception of audit trails from the TOE and to supply an administration interface to the TOE. Neither the log system nor the Administration Node is part of the TOE. The TOE has four external interfaces: - Two network interfaces, - One administration interface to an Administration Node, and - One Log System interface to an external system for audit trail management. All external interfaces are Ethernet (IEEE 802.3) compatible. The network interfaces commu- nicate with TCP/IP or UDP/IP (IPv4/IPv6). There are eight assumptions made in the PP regarding the secure usage and environment of the Information Gateway. The TOE only relies on these being met to counter the six threats, and to fulfill the five organizational security policies (OSP) in the PP. The assumptions, the threats and the organizational security policies are described in chapter 4 in [PP]. The TOE has 30 different Security Function Requirements addressed in the PP within the functional classes. Authentication of users, Non-repudiation within Communications, Encryption of sensitive data, User access control of data with flow control functions, User Authentication and Identification, Security Management functions for the TOE, roles and certificates and finally the protection of the TOE Security Functions that protects the TSF itself. The Evaluation on the PP Information Gateway was conducted by atsec information security AB and completed on November 14, 2011. Contents of this report have prepared on the basis of the contents of the ETR submitted by atsec information security AB. The evaluation was conducted by applying CEM. This PP satisfies all APE requirements of the Common Criteria, therefore the evaluation results were decided to be suitable. 10FMV8575-35:1 Draft 1.3 2011-02-09 CB-015 4 (8) Swedish Certification Body for IT Security Certification Report - PP Information Gateway 3 Security Related Qualities Security Policy Audit, Audit Transfer, Domain Separation, PKI and Query TOE Status is summarized in [PP] section 3.3, Organizational Security Polices. Assumptions Dependencies upon the environment for secure operation of the TOE are described in [PP] section 4.3, Security Objectives for the Operational environment. Clarification of Scope Neither the log system nor the Administration Node is part of the TOE. Further details in [PP] section 1,2.8, Available non-TOE hardware/software/firmware. Architectural Information The TOE is divided into three separated nodes, two Service Nodes interfacing one network each and a Filter Node interfacing the Service Nodes. User data to be transferred from one network to the other has to pass all three nodes. The Service Nodes are able to receive and format data from the connected networks to an intermediary format that is suitable for control and filtering in the filtering node. For further details in [PP] section 1.2.2, TOE components. 10FMV8575-35:1 Draft 1.3 2011-02-09 CB-015 5 (8) 10FMV8575-35:1 CB-015 Swedish Certification Body for IT Security Certification Report - PP Information Gateway Evaluation Results Assurance Class Name Assurance Components Verdict PP Introduction APE_INT.1 PASS Conformance Claims APE_CCL.I PASS Security Problem Definition APE SPD.I PASS Security Objectives APE _OBJ.2 PASS Extended Components Defi- APE ECD.1 PASS nition Security Requirements APE _REQ2 PASS Summarizing the results of all assurance classes, the final evaluation result in PASS. Draft 1.3 2011-02-09 6 (8) 10FMV8575-35:1 CB-015 Swedish Certification Body for IT Security Certification Report - PP Information Gateway Acronyms The following acronyms have been used in this report. EAL Evaluation Assurance Level TOE Target of Evaluation ITSEF IT security Evaluation Facility PP Protection Profile CC Common Criteria CEM Common Methodology for Information Security Evaluation Draft 1.3 2011-02-09 7 (8) Swedish Certification Body for IT Security Certification Report - PP Information Gateway 6 References ee Acronym Documents used and referenced during the review PP Protection Profile Information Gateway v2.0, 201 1-11-07, 10FMV8575-24:1 cc Common Criteria for Information Technology Security Evaluation, Version 3.1 Revision 3,Final, July 2009 CEM Common Methodology for Information Security Evaluation, v3.1, Revision 3, Final, July 2009 10FMV8575-35:1 Draft 1.3 2011-02-09 CB-015 8(8)