Compliant Product - Nokia 7705 SAR Series with SAR OS 21.10R5
Certificate Date: 2023.09.29
CC Certificate
Security Target
Validation Report
Validation Report Number: CCEVS-VR-VID11353-2023
Product Type: Network Device
Conformance Claim: Protection Profile Compliant
PP Identifier: collaborative Protection Profile for Network Devices Version 2.2e
CC Testing Lab: Acumen Security
Assurance Activity
Administrative Guide: NOKIA 7705 SERVICE AGGREGATION ROUTER | RELEASE 21.10R5 Common Criteria Admin Guide
Administrative Guide: 7705 SERVICE AGGREGATION ROUTER | RELEASE 21.10.R1 Basic System Configuration Guide
Administrative Guide: 7705 SERVICE AGGREGATION ROUTER | RELEASE 21.10.R1 Interface Configuration Guide
Administrative Guide: 7705 SERVICE AGGREGATION ROUTER | RELEASE 21.10.R1 Log Events Guide
Administrative Guide: 7705 SERVICE AGGREGATION ROUTER | RELEASE 21.10.R1 Router Configuration Guide
Administrative Guide: 7705 SERVICE AGGREGATION ROUTER | RELEASE 21.10.R1 Services Guide
Administrative Guide: 7705 SERVICE AGGREGATION ROUTER | RELEASE 21.10.R1 System Management Guide
Product Description
The Nokia 7705 SAR Series with SAR OS 21.10R5, the Target of Evaluation (TOE), is a network device that is composed of hardware and software and offers a scalable solution to end users. It satisfies all of the criteria required to meet the collaborative Protection Profile for Network Devices, Version 2.2e [NDcPP v2.2e]. The TOE is a physical, non-distributed network device implementing networking functions essential for service adaptation, aggregation and routing over Ethernet and Internet Protocol routing infrastructure. The primary deployment scenarios are mobile backhaul, fixed-to-mobile convergence, mission-critical applications, and enterprise applications.
The TOE supports secure connectivity with another IT environment device as stated in Table 1.
Table 1 – Required Environmental Components
Evaluated Configuration
Security Evaluation Summary
The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme. The criteria against which the Nokia 7705 SAR Series with SAR OS 21.10R5 was evaluated are described in the Common Criteria for Information Technology Security Evaluation, Version 3.1 rev 5. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 3.1 rev 5. The product, when delivered configured as identified in multiple admin guides listed below, satisfies all of the security functional requirements stated in the Nokia 7705 SAR Series with SAR OS 21.10R5 Security Target.
The project underwent CCEVS Validator review. The evaluation was completed in September 2023. Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report prepared by CCEVS.
Environmental Strengths
The TOE implements the following security functional requirements:
· Security Audit
· Cryptographic Support
· Identification and Authentication
· Security Management
· TOE Access
· Protection of the TSF
· Trusted Path/Channels
Each of these security functionalities is described in more detail in the sections below.
Security Audit
The TOE generates audit events for all start-up and shut-down functions and all auditable events as specified in Table 15. Audit events are also generated for management actions specified in FAU_GEN.1. The TOE is capable of storing audit events locally and exporting them to an external audit server over the IPsec protocol. Each audit record contains the date and time of the event, the type of event, the subject identity, and the relevant data of the event. The audit server supports the following severity levels: indeterminate (info), major, and minor.
Cryptographic Support
The TOE provides cryptography in support of SSH and IPsec trusted communications. The following table identifies the cryptographic services per cryptographic library.
Identification and Authentication
The TOE supports Role Based Access Control. All users must be authenticated to the TOE prior to carrying out any management actions. The TOE supports password-based authentication and public key-based authentication. Based on the assigned role, a user is granted a set of privileges to access the system.
Security Management
The TOE supports local and remote management of its security functions including:
TOE Access
Prior to establishing an administration session with the TOE, a banner is displayed to the user. The banner messaging is customizable. The TOE will terminate an interactive session after a configurable number of minutes of session inactivity. A user can terminate their local CLI session and remote CLI session by entering the appropriate command at the prompt.
Protection of the TSF
The TOE protects all passwords, pre-shared keys, symmetric keys, and private keys from unauthorized disclosure. Pre-shared keys, symmetric keys, and private keys are stored in encrypted format. Passwords are stored as a non-reversible hash value as per the standard Linux approach. The TOE executes self-tests during initial start-up to ensure correct operation and enforcement of its security functions. An administrator can install software updates to the TOE. The TOE internally maintains the date and time.
Trusted Path/Channels
The TOE supports IPsec for secure communication to the audit server and with the authentication server. The IPsec termination points are the TOE and another IPsec implementation. The TOE supports local CLI and uses SSH v2 for secure remote administration.
Vendor Information
Nokia Corporation
Hooman Bidgoli
866-582-3688
N/A
hooman.bidgoli@nokia.com
https://www.nokia.com/