Bivio 6310-NC Security Target 20-5018-R-0006 Version: 0.8 Nov 25, 2020 Prepared For: Bivio Networks, Inc. 4457 Willow Rd Suite 240 Pleasanton, CA, 94588 Prepared By: Ekta Binwani UL Verification Services Inc. Bivio 6310-NC Security Target Notices: ©2020 Bivio Networks, Inc. All rights reserved. All other brand names are trademarks, registered trademarks, or service marks of their respective companies or organizations It is prohibited to copy, reproduce or retransmit the information contained within this documentation without the express written permission of Bivio Networks, Inc. 4457 Willow Road Suite 200, Pleasanton, CA, 94588. Page 2 of 53 Bivio 6310-NC Security Target Table of Contents 1. Security Target (ST) Introduction.................................................................................... 7 1.1 Security Target Reference ........................................................................................... 7 1.2 Target of Evaluation Reference .................................................................................. 7 1.3 Target of Evaluation Overview .................................................................................... 7 1.3.1 TOE Product Type ................................................................................................. 7 1.3.2 TOE Usage .............................................................................................................. 7 1.3.3 TOE Major Security Features Summary ............................................................ 8 1.3.4 TOE IT environment hardware/software/firmware requirements .................... 8 1.4 Target of Evaluation Description ................................................................................. 8 1.4.1 TOE Physical Scope .............................................................................................. 9 1.4.2 TOE Logical Scope .............................................................................................. 11 1.5 Notation, formatting, and conventions ...................................................................... 13 2. Conformance Claims ...................................................................................................... 14 2.1 Common Criteria Conformance Claims ................................................................... 14 2.2 Conformance to Protection Profiles .......................................................................... 14 2.3 Conformance to Security Packages ......................................................................... 14 2.4 Conformance Claims Rationale ................................................................................ 14 3. Security Problem Definition ........................................................................................... 16 3.1 Threats .......................................................................................................................... 16 3.2 Organizational Security Policies ................................................................................ 17 3.3 Assumptions ................................................................................................................. 17 4. Security Objectives ......................................................................................................... 19 4.1 Security Objectives for the Operational Environment ............................................ 19 5. Extended Components Definition ................................................................................. 20 6. Security Requirements ................................................................................................... 21 6.1 Security Functional Requirements ............................................................................ 21 6.1.1 Security Audit (FAU) ............................................................................................ 22 6.1.2 Cryptographic Support (FCS) ............................................................................. 26 6.1.3 Identification and Authentication (FIA) .............................................................. 30 6.1.4 Security Management (FMT) .............................................................................. 31 6.1.5 Protection of the TSF (FPT) ................................................................................ 33 6.1.6 TOE Access (FTA) ............................................................................................... 33 6.1.7 Trusted path/channels (FTP) .............................................................................. 34 Page 3 of 53 Bivio 6310-NC Security Target 6.2 Security Assurance Requirements ........................................................................... 35 7. TOE Summary Specification ......................................................................................... 36 7.1 Security Audit ............................................................................................................... 36 7.1.1 Audit Data Generation ......................................................................................... 36 7.1.2 Audit Storage ........................................................................................................ 37 7.2 Cryptographic Support ................................................................................................ 37 7.2.1 Cryptographic Key Generation ........................................................................... 38 7.2.2 Cryptographic Operations ................................................................................... 39 7.2.3 NTP Protocol (Selection-based) ........................................................................ 40 7.2.4 Random Bit Generation ....................................................................................... 40 7.2.5 SSH Client Protocol (Selection-based) ............................................................. 40 7.2.6 SSH Server Protocol (Selection-based) ........................................................... 41 7.2.7 TLS Server Protocol Without Mutual Authentication (Selection-based) ...... 41 7.3 Identification and Authentication ............................................................................... 42 7.3.1 Authentication Failure Management ................................................................. 42 7.3.2 Password Management ...................................................................................... 42 7.3.3 User Identification and Authentication .............................................................. 43 7.3.4 Password-based Authentication Mechanism ................................................... 43 7.3.5 Protected Authentication Feedback .................................................................. 44 7.3.6 X.509 Certificate Validation ................................................................................ 44 7.3.7 X.509 Certificate Authentication (Selection-based) ........................................ 44 7.3.8 X.509 Certificate Requests (Selection-based) ................................................ 44 7.4 Security Management ................................................................................................. 44 7.4.1 Management of Security Functions Behaviour ................................................ 44 7.4.2 Management of TSF Data .................................................................................. 45 7.4.3 Specification of Management Functions .......................................................... 46 7.4.4 Restrictions on Security Roles ........................................................................... 47 7.5 Protection of the TSF .................................................................................................. 47 7.5.1 Protection of Administrator Passwords ............................................................. 47 7.5.2 TSF Testing ........................................................................................................... 47 7.5.3 Trusted Update ..................................................................................................... 48 7.5.4 Protection of TSF Data ........................................................................................ 48 7.5.5 Reliable Time Stamps ......................................................................................... 48 7.6 TOE Access .................................................................................................................. 49 Page 4 of 53 Bivio 6310-NC Security Target 7.6.1 TSF-initiated Session Locking ............................................................................ 49 7.6.2 TSF-initiated Termination .................................................................................... 49 7.6.3 User-initiated Termination ................................................................................... 49 7.6.4 Default TOE Access Banners ............................................................................ 49 7.7 Trusted Path/Channels ............................................................................................... 50 7.7.1 Inter-TSF Trusted Channel ................................................................................. 50 8. Terms and Definitions ..................................................................................................... 51 9. References ......................................................................................................................