National Information Assurance Partnership
Common Criteria Evaluation and Validation Scheme
Validation Report
For
Hewlett-Packard 6125XLG Ethernet Blade Switch
Report Number: CCEVS-VR-VID10601-2015
Dated: February 24, 2015
Version: 1.0
National Institute of Standards and Technology National Security Agency
Information Technology Laboratory Information Assurance Directorate
100 Bureau Drive 9800 Savage Road STE 6940
Gaithersburg, MD 20899 Fort George G. Meade, MD 20755-6940
®
TM
VALIDATION REPORT
Hewlett-Packard 6125XLG Ethernet Blade Switch
ii
Table of Contents
1 Executive Summary.............................................................................................................1
2 Identification........................................................................................................................3
2.1 Threats.........................................................................................................................3
2.2 Organizational Security Policies.................................................................................4
3 Architectural Information ....................................................................................................5
4 Assumptions.........................................................................................................................7
4.1 Clarification of Scope .................................................................................................7
5 Security Policy.....................................................................................................................8
5.1 Security Audit.............................................................................................................8
5.2 Cryptographic Support................................................................................................8
5.3 User Data Protection...................................................................................................8
5.4 Identification and Authentication ...............................................................................8
5.5 Security Management .................................................................................................8
5.6 Protection of the TSF..................................................................................................8
5.7 TOE Access ................................................................................................................9
5.8 Trusted Path/Channels ................................................................................................9
6 Documentation...................................................................................................................10
7 Independent Testing...........................................................................................................11
8 Evaluated Configuration ....................................................................................................12
9 Results of the Evaluation ...................................................................................................13
10 Validator Comments/Recommendations ...........................................................................14
11 Annexes 15
12 Security Target...................................................................................................................16
13 Abbreviations and Acronyms ............................................................................................17
14 Bibliography ......................................................................................................................19
VALIDATION REPORT
Hewlett-Packard 6125XLG Ethernet Blade Switch
1
List of Tables
Table 1: Evaluation Details............................................................................................................. 2
Table 2: ST and TOE Identification................................................................................................ 3
VALIDATION REPORT
Hewlett-Packard 6125XLG Ethernet Blade Switch
1
1 Executive Summary
This report is intended to assist the end-user of this product and any security certification agent for that
end-user in determining the suitability of this Information Technology (IT) product in their environment.
End-users should review the Security Target (ST), which is where specific security claims are made, in
conjunction with this Validation Report (VR), which describes how those security claims were evaluated
and tested and any restrictions on the evaluated configuration. Prospective users should read carefully the
Assumptions and Clarification of Scope in Section 4 and the Validator Comments in Section 10, where
any restrictions on the evaluated configuration are highlighted.
This report documents the National Information Assurance Partnership (NIAP) assessment of the
evaluation Hewlett-Packard (HP) Company 6125XLG Ethernet Blade Switch running Comware 7.1.045,
Release 2406P01. It presents the evaluation results, their justifications, and the conformance results. This
VR is not an endorsement of the Target of Evaluation (TOE) by any agency of the U.S. Government and
no warranty of the TOE is either expressed or implied. This VR applies only to the specific version and
configuration of the product as evaluated and as documented in the ST.
The evaluation of Hewlett-Packard Company 6125XLG Ethernet Blade Switch was performed by Leidos
(formerly Science Applications International Corporation (SAIC)) Common Criteria Testing Laboratory
(CCTL) in Columbia, Maryland, in the United States and was completed in February 2015. The
evaluation was conducted in accordance with the requirements of the Common Criteria and Common
Methodology for IT Security Evaluation (CEM), version 3.1, revision 4 and assurance activities specified
in Protection Profile for Network Devices, Version 1.1, 8 June 2012 and Security Requirements for
Network Devices Errata #2. The evaluation was consistent with NIAP Common Criteria Evaluation and
Validation Scheme (CCEVS) policies and practices as described on their web site (www.niap-ccevs.org).
The Leidos evaluation team determined that Hewlett-Packard Company 6125XLG Ethernet Blade Switch is
conformant to the claimed Protection Profile (PP) and, when installed, configured and operated as
specified in the evaluated guidance documentation, satisfies all of the security functional requirements
stated in the ST. The information in this VR is largely derived from the Assurance Activities Report
(AAR) and associated test report produced by the Leidos evaluation team.
The TOE is a hardware and software solution that consists of the Hewlett-Packard (HP) Company
6125XLG Ethernet Blade Switch running Comware 7.1.045, Release 2406 P01. The network on which
it resides is considered part of the operational environment.
The following modules, extending the physically available ports, are supported by the HP 6125XLG
Ethernet Blade Switch and can optionally be used since they do not affect any of the claimed security
functions but rather serve to extend available network connectivity:
 HP X120 1G SFP LC SX 850nm Transceiver JD118B
 HP X120 1G SFP LC LX 1310nm Transceiver JD119B
 HP X125 1G SFP LC LH40 1310nm Transceiver JD061A
 HP X120 1G SFP LC LH40 1550nm Transceiver JD062A
 HP X125 1G SFP LC LH70 1550nm Transceiver JD063B
 HP X120 1G SFP LC RJ45 T Transceiver JD089B
 HP BLc 1Gb SFP LC SX 850nm Transceiver
 HP BLc 1Gb SFP LC RJ45 T Transceiver
 HP X130 10G SFP+ LC SR 850nm Transceiver JD092B
 HP X130 10G SFP+ LC LRM 1310nm Transceiver JD093B
 HP X130 10G SFP+ LC LR 1310nm Transceiver JD094B
VALIDATION REPORT
Hewlett-Packard 6125XLG Ethernet Blade Switch
2
 HP X130 10G SFP+ LC ER 1550nm Transceiver JG234A
 HP BladeSystem c-Class 10G SFP+ LC SR 850nm Transceiver
 HP BladeSystem c-Class 10G SFP+ LC LR 1310nm Transceiver
 HP X140 40G QSFP+ MPO SR4 850nm Transceiver JG325A
Table 1: Evaluation Details
Item Identifier
Evaluated Product Hewlett-Packard (HP) Company 6125XLG Ethernet Blade Switch
running Comware 7.1.045, Release 2406 P01.
Sponsor & Developer Hewlett-Packard Development Company, L.P.
11445 Compaq Center Drive West
Houston, Texas 77070
CCTL Leidos (formerly SAIC)
Common Criteria Testing Laboratory
6841 Benjamin Franklin Drive
Columbia, MD 21046
Completion Date February 2015
CC Common Criteria for Information Technology Security Evaluation,
Version 3.1, Revision 4, September 2012
Interpretations There were no applicable interpretations used for this evaluation.
CEM Common Methodology for Information Technology Security
Evaluation: Version 3.1, Revision 4, September 2012
PP Protection Profile for Network Devices, Version 1.1, 8 June 2012
Security Requirements for Network Devices Errata #2, 13 January 2013
Evaluation Class None
Disclaimer The information contained in this Validation Report is not an
endorsement of the Hewlett-Packard (HP) Company 6125XLG Ethernet
Blade Switch running Comware 7.1.045, Release 2406 P01 by any
agency of the U.S. Government and no warranty of Hewlett-Packard
(HP) Company 6125XLG Ethernet Blade Switch running Comware
7.1.045, Release 2406 P01 is either expressed or implied.
Evaluation Personnel Katie Sykes
Tony Apted
Pascal Patin
Greg Beaver
Dragua Zenelaj
Validation Personnel Paul Bicknell The MITRE Corporation
Jean Petty The MITRE Corporation
VALIDATION REPORT
Hewlett-Packard 6125XLG Ethernet Blade Switch
3
2 Identification
The CCEVS is a joint National Security Agency (NSA) and National Institute of Standards and
Technology (NIST) effort to establish commercial facilities to perform trusted product evaluations. Under
this program, security evaluations are conducted by commercial testing laboratories called Common
Criteria Testing Laboratories (CCTLs) in accordance with National Voluntary Laboratory Assessment
Program (NVLAP) accreditation.
The NIAP Validation Body assigns Validators to monitor the CCTLs to ensure quality and consistency
across evaluations. Developers of information technology products desiring a security evaluation contract
with a CCTL and pay a fee for their product’s evaluation. Upon successful completion of the evaluation,
the product is added to NIAP’s Product Compliant List (PCL).
The following table identifies the evaluated Security Target and TOE.
Table 2: ST and TOE Identification
Name Description
ST Title Hewlett-Packard Company 6125XLG Ethernet Blade Switch Security Target
ST Version 2.0
Publication Date February 19, 2015
Vendor Hewlett-Packard Company
ST Author Leidos (formerly SAIC)
TOE Reference Hewlett-Packard (HP) Company 6125XLG Ethernet Blade Switch running
Comware 7.1.045, Release 2406 P01
TOE Hardware Models HP 6125XLG Ethernet Blade Switch
TOE Software Version Comware 7.1.045, Release 2406 P01
Keywords Switch, Layer 2, Layer 3
2.1 Threats
The ST identifies the following threats that the TOE and its operational environment are intended to
counter:
 An administrator may unintentionally install or configure the TOE incorrectly, resulting in
ineffective security mechanisms.
 Security mechanisms of the TOE may fail, leading to a compromise of the TSF.
 A user may gain unauthorized access to the TOE data and TOE executable code. A malicious
user, process, or external IT entity may masquerade as an authorized entity in order to gain
unauthorized access to data or TOE resources. A malicious user, process, or external IT entity
may misrepresent itself as the TOE to obtain identification and authentication data.
 A malicious party attempts to supply the end user with an update to the product that may
compromise the security features of the TOE.
 Malicious remote users or external IT entities may take actions that adversely affect the security
of the TOE. These actions may remain undetected and thus their effects cannot be effectively
mitigated.
VALIDATION REPORT
Hewlett-Packard 6125XLG Ethernet Blade Switch
4
 User data may be inadvertently sent to a destination not intended by the original sender.
2.2 Organizational Security Policies
The ST identifies the following organizational security policy that the TOE and its operational
environment are intended to fulfill:
 The TOE shall display an initial banner describing restrictions of use, legal agreements, or any
other appropriate information to which users consent by accessing the TOE.
VALIDATION REPORT
Hewlett-Packard 6125XLG Ethernet Blade Switch
5
3 Architectural Information
The HP 6125XLG Ethernet Blade Switch comprising the TOE includes a common software code base,
called Comware. Comware is special purpose appliance system software that implements a wide array of
networking technology, including: IPv4/IPv6 dual-stacks; a data link layer; layer 2 and 3 routing;
Ethernet switching; VLANs; IRF routing; and Quality of Service (QoS). The evaluated version of
Comware is 7.1.045, Release 2406 P01. It should be noted that although Comware can run on a variety of
underlying architectures, including VxWorks, Linux, pSOS and Windows, the only underlying
architecture found in the evaluated configuration is Linux.
Comware V7.1 implements full modularization and multi-process applications, and provides the
following benefits:
 Full modularization—Brings improvements in system availability, virtualization, multi-core
multi-CPU applications, distributed computing, and dynamic loading and upgrading.
 Openness—Comware V7.1 is a generic, open system based on Linux.
 Improved operations—Comware V7.1 improves some detailed operations. For example, it uses
preemptive scheduling to improve real-time performance.
Comware V7.1 optimizes the following functions:
 Virtualization—Supports N:1 virtualization.
 In Service Support Updates (ISSU)—Supports ISSU for line cards.
 Auxiliary CPU and OAA—Improves scalability for devices.
In addition, Comware V7.1 supports new technologies for data centers, including TRILL and EVB.
Comware V7.1 comprises four planes: management; control; data; and infrastructure.
Figure 1: Comware V7.1 Architecture
 Infrastructure—the infrastructure plane provides basic Linux services and Comware support
functions. Basic Linux services comprise basic Linux functions, C language library functions,
VALIDATION REPORT
Hewlett-Packard 6125XLG Ethernet Blade Switch
6
data structure operations, and standard algorithms. Comware support functions provide software
and service infrastructure for Comware processes, including all basic functions.
 Data—the data plane provides data forwarding for local packets and received IPv4 and IPv6
packets at different layers.
 Control—the control plane comprises all routing, signaling, and control protocols, such as
MPLS, OSPF, and security control protocols. It generates forwarding tables for the data plane.
 Management—the management plane provides a management interface for operators to
configure, monitor, and manage Comware V7.1. The management interface comprises a
Command Line Interface (CLI) accessed using SSH.
The Comware V7.1 software is further decomposed into subsystems designed to implement applicable
functions. For example, there are subsystems dedicated to the security management interface. There are
also subsystems dedicated to the IPv4 and IPv6 network stacks as well as the applicable network
protocols and forwarding, routing, etc.
From a security perspective, the TOE implements NIST-validated cryptographic algorithms that support
the IPsec and SSH protocols as well as digital signature services that support the secure update
capabilities of the TOE. Otherwise, the TOE implements various network switching protocols and
functions.
VALIDATION REPORT
Hewlett-Packard 6125XLG Ethernet Blade Switch
7
4 Assumptions
The ST identifies the following assumptions about the use of the product:
 It is assumed that there are no general-purpose computing capabilities (e.g., compilers or user
applications) available on the TOE, other than those services necessary for the operation,
administration and support of the TOE.
 Physical security, commensurate with the value of the TOE and the data it contains, is assumed to
be provided by the environment.
 TOE Administrators are trusted to follow and apply all administrator guidance in a trusted
manner.
4.1 Clarification of Scope
All evaluations (and all products) have limitations, as well as potential misconceptions that need
clarifying. This text covers some of the more important limitations and clarifications of this evaluation.
Note that:
1. As with any evaluation, this evaluation only shows that the evaluated configuration meets the
security claims made, with a certain level of assurance (the assurance activities specified in the
claimed PPs and performed by the evaluation team).
2. This evaluation covers only the specific device models and software version identified in this
document, and not any earlier or later versions released or in process.
3. The evaluation of security functionality of the product was limited to the functionality specified
in the claimed PPs. Any additional security related functional capabilities of the product were
not covered by this evaluation.
4. This evaluation did not specifically search for, nor attempt to exploit, vulnerabilities that were not
“obvious” or vulnerabilities to objectives not claimed in the ST. The CEM defines an “obvious”
vulnerability as one that is easily exploited with a minimum of understanding of the TOE,
technical sophistication and resources.
5. The following specific product capabilities are excluded from use in the evaluated configuration:
a. Non-FIPS 140-2 mode of operation—this mode of operation allows cryptographic
operations that are not FIPS-approved
b. TLS is not included in the evaluated configuration.
6. The TOE can be configured to rely on and utilize a number of other components in its operational
environment:
a. Syslog server—to receive audit records when the TOE is configured to deliver them to an
external log server.
b. RADIUS and TACACS servers—the TOE can be configured to use external
authentication servers.
c. Management Workstation—the TOE supports remote access to the CLI over SSHv2. As
such, an administrator requires an SSHv2 client to access the CLI remotely.
VALIDATION REPORT
Hewlett-Packard 6125XLG Ethernet Blade Switch
8
5 Security Policy
The TOE enforces the following security policies as described in the ST.
Note: Much of the description of the security policy has been derived from the ST and the Final ETR.
5.1 Security Audit
The TOE is able to generate audit records of security relevant events. The TOE can be configured to store
the audit records locally so they can be accessed by an administrator or alternately to send the audit
records to a designated log server.
5.2 Cryptographic Support
The TOE includes NIST-validated cryptographic mechanisms that provide key management, random bit
generation, encryption/decryption, digital signature and secure hashing and key-hashing features in
support of higher level cryptographic protocols, including IPsec and SSHv2. Note that to be in the
evaluated configuration, the TOE must be configured in FIPS mode, which ensures the TOE’s
configuration is consistent with the FIPS 140-2 standard.
5.3 User Data Protection
The TOE performs network switching and routing functions, passing network traffic among its various
physical and logical (e.g., VLAN) network connections. While implementing applicable network
protocols associated with network traffic forwarding, the TOE is designed to ensure that it does not
inadvertently reuse data found in network traffic.
5.4 Identification and Authentication
The TOE requires users (i.e., administrators) to be successfully identified and authenticated before they
can access any security management functions available in the TOE. The TOE offers both a locally
connected console and a network accessible interface (SSHv2) for interactive administrator sessions.
The TOE supports the local (i.e., on device) definition of administrators with usernames and passwords.
Additionally, the TOE can be configured to use the services of trusted RADIUS and TACACS servers in
the operational environment to support, for example, centralized user administration.
5.5 Security Management
The TOE provides a CLI to access its security management functions. Security management commands
are limited to administrators and are available only after they have provided acceptable user identification
and authentication data to the TOE.
5.6 Protection of the TSF
The TOE implements a number of features designed to protect itself to ensure the reliability and integrity
of its security features.
It protects particularly sensitive data such as stored passwords and cryptographic keys so that they are not
accessible even by an administrator. It also provides its own timing mechanism to ensure that reliable
time information is available (e.g., for log accountability).
The TOE uses cryptographic means to protect communication with remote administrators. When the TOE
is configured to use the services of a Syslog server or authentication servers in the operational
VALIDATION REPORT
Hewlett-Packard 6125XLG Ethernet Blade Switch
9
environment, the communication between the TOE and the operational environment component is
protected using encryption.
The TOE includes functions to perform self-tests so that it might detect when it is failing. It also includes
mechanisms so that the TOE itself can be updated while ensuring that the updates will not introduce
malicious or other unexpected changes in the TOE.
5.7 TOE Access
The TOE can be configured to display an informative banner that will appear prior to authentication when
accessing the TOE via the console or SSH interfaces. The TOE subsequently will enforce an
administrator-defined inactivity timeout value after which the inactive session will be terminated.
5.8 Trusted Path/Channels
The TOE protects interactive communication with administrators using SSHv2 for CLI access. Using
SSHv2, both integrity and disclosure protection is ensured.
The TOE protects communication with external IT entities, including audit and authentication servers,
using IPsec connections, which prevent unintended disclosure or modification of data.
VALIDATION REPORT
Hewlett-Packard 6125XLG Ethernet Blade Switch
10
6 Documentation
There are numerous documents that provide information and guidance for the deployment of the TOE. In
particular, the following Common Criteria specific guides reference the security-related guidance material
for all devices in the evaluated configuration:
 Preparative Procedures for CC NDPP Evaluated Hewlett-Packard 6125XLG Network Switch
based on Comware V7, v1.02, dated 02/19/2015
 Command Reference for CC Supplement, Revision # v1.04, dated 02/19/2015
 Configuration Guide for CC Supplement, Revision # v1.5 dated 02/19/2015
 Comware V7.1 Platform System Log Messages, Revision # v0.25, dated 4/21/2014.
These CC specific guidance documents are distributed by the HP Federal sales and support team as part
of the sales delivery process.
The following documents for the HP 6125XLG Switch can be found under the General Reference section
of the HP 6125XLG Ethernet Blade Switch documentation page on the HP Web site. The link is provided
below.
 R240x-HP 6125XLG Blade Switch ACL and QoS Command Reference
 R240x-HP 6125XLG Blade Switch Layer 3 - IP Services Command Reference
 R240x-HP 6125XLG Blade Switch Fundamentals Command Reference
 R240x-HP 6125XLG Blade Switch Security Command Reference
 R240x-HP 6125XLG Blade Switch Network Management and Monitoring Command Reference
http://h20566.www2.hp.com/portal/site/hpsc/public/psi/manualsResults/?cc=us&jumpid=hpr_r1002_usen
_link3&lang=en&sp4ts.oid=5404487
The following documents for the HP 6125XLG Switch can be found under the Setup and Install section
of the HP 6125XLG Ethernet Blade Switch documentation page on the HP Web site. The link is provided
below.
 R2306-HP 6125XLG Blade Switch ACL and QoS Configuration Guide
 R2306-HP 6125XLG Blade Switch Layer 3 - IP Services Configuration Guide
 R2306-HP 6125XLG Blade Switch Fundamentals Configuration Guide
 R240x-HP 6125XLG Blade Switch Security Configuration Guide
 R240x-HP 6125XLG Blade Switch Network Management and Monitoring Configuration Guide
http://h20566.www2.hp.com/portal/site/hpsc/public/psi/manualsResults/?cc=us&jumpid=hpr_r1002_usen
_link3&lang=en&sp4ts.oid=5404487
Supporting TOE Guidance Documentation
Hewlett-Packard Company 6125XLG Ethernet Blade Switch Security Target, Version 2.0, 19 February
2015
VALIDATION REPORT
Hewlett-Packard 6125XLG Ethernet Blade Switch
11
7 Independent Testing
This section describes the testing efforts of the evaluation team. It is derived from information contained
in the following:
 Evaluation Team Test Report for Hewlett-Packard Company 6125XLG Ethernet Blade Switch,
Version 3.0, February 20, 2015.
The purpose of this activity was to confirm the TOE behaves in accordance with the TOE security
functional requirements as specified in the ST for a product claiming conformance to Protection Profile
for Network Devices, Version 1.1, 8 June 2012 and Security Requirements for Network Devices Errata
#2.
The evaluation team devised a Test Plan based on the Testing Assurance Activities specified in NDPP
v1.1 and Security Requirements for Network Devices Errata #2. The Test Plan described how each test
activity was to be instantiated within the TOE test environment. The evaluation team executed the tests
specified in the Test Plan and documented the results in the team test report listed above.
Independent testing took place at the developer facility in Boston, MA on the dates September 29 –
October 3, 2014.
The evaluators received the TOE in the form that normal customers would receive it, installed and
configured the TOE in accordance with the provided guidance, and exercised the Team Test Plan on
equipment configured in the testing laboratory.
Given the complete set of test results from the test procedures exercised by the evaluators, the testing
requirements for NDPPv1.1 and Security Requirements for Network Devices Errata #2 are fulfilled.
VALIDATION REPORT
Hewlett-Packard 6125XLG Ethernet Blade Switch
12
8 Evaluated Configuration
The evaluated version of the TOE is Hewlett-Packard 6125XLG Ethernet Blade Switch running
Comware 7.1.045, Release 2406 P01, as installed and configured according to the Preparative Procedures
for CC NDPP Evaluated Hewlett-Packard 6125XLG Network Switches based on Comware V7, as well as
the supporting guidance documentation identified in Section 6.
VALIDATION REPORT
Hewlett-Packard 6125XLG Ethernet Blade Switch
13
9 Results of the Evaluation
The evaluation was conducted based upon the assurance activities specified in Protection Profile for
Network Devices, Version 1.1, 8 June 2012 and Security Requirements for Network Devices Errata #2, in
conjunction with version 3.1, revision 4 of the CC and the CEM. A verdict for an assurance component is
determined by the resulting verdicts assigned to the corresponding evaluator action elements.
The validation team’s assessment of the evidence provided by the evaluation team is that it demonstrates
that the evaluation team performed the assurance activities in the claimed PPs, and correctly verified that
the product meets the claims in the ST.
The details of the evaluation are recorded in the Evaluation Technical Report (ETR), which is controlled
by the Leidos CCTL. The security assurance requirements are listed in the following table.
Table 4: TOE Security Assurance Requirements
Assurance Component ID Assurance Component Name
ADV_FSP.1 Basic functional specification
AGD_OPE.1 Operational user guidance
AGD_PRE.1 Preparative procedures
ALC_CMC.1 Labeling of the TOE
ALC_CMS.1 TOE CM coverage
ATE_IND.1 Independent testing - conformance
AVA_VAN.1 Vulnerability survey
VALIDATION REPORT
Hewlett-Packard 6125XLG Ethernet Blade Switch
14
10 Validator Comments/Recommendations
The validation team suggests that the consumer pay particular attention to the installation guidance to
ensure the devices are placed into the evaluated configuration. In order to remain CC compliant, the
device(s) must be configured in FIPS mode.
As was noted in the Clarification of Scope section of this report, the devices provide more functionality
than was covered by the evaluation. Only the functionality claimed in the SFR’s in the Security Target
was evaluated. All other functionality provided by the devices needs to be assessed separately and no
further conclusions should be drawn as to their effectiveness, nor can any claims be made relative to their
security based upon this evaluation.
The validators note that Technical Decision TD0012 was applied to this evaluation. The Technical
Decision is available on the NIAP web site, but its impact on this evaluation is described below:
 TD0012: Algorithms not identified in FCS_SSH_EXT.1.4 must not be allowed in the
evaluated configuration of the TOE; The TOE does not support any algorithms not
identified in FCS_SSH_EXT.1.4. In FIPS mode, all other cipher suites are disabled.
The validation team’s assessment of the evidence provided by the evaluation team is that it demonstrates
that the evaluation team performed the assurance activities prescribed in the NDPPv1.1 with Errata #2,
and the Technical Decision listed above. Also, that the evaluation team correctly verified that the product
meets the claims of the associated Security Target.
VALIDATION REPORT
Hewlett-Packard 6125XLG Ethernet Blade Switch
15
11 Annexes
Not applicable.
VALIDATION REPORT
Hewlett-Packard 6125XLG Ethernet Blade Switch
16
12 Security Target
Hewlett-Packard Company 6125XLG Ethernet Blade Switch Security Target, Version 2.0, February 19,
2015.
VALIDATION REPORT
Hewlett-Packard 6125XLG Ethernet Blade Switch
17
13 Abbreviations and Acronyms
AAA Authentication, Authorization and Accounting
ACL Access Control List
AES Advanced Encryption Standard
AUT Authentication
CBC Cipher-Block Chaining
CC Common Criteria for Information Technology Security Evaluation
CEM Common Evaluation Methodology for Information Technology Security
CM Configuration Management
CLI Command Line Interface
DH Diffie-Hellman
ECB Electronic Codebook
EVB
EVI
FDP
Edge Virtual Bridging
Ethernet Virtualization Interconnection
User Data Protection CC Class
FIA Identification and Authentication CC Class
FIPS Federal Information Processing Standard
FMT Security Management CC Class
FSP Functional Specification
GR Graceful Restart
HMAC Hashed Message Authentication Code
IP Internet Protocol
IPC Inter-process communication
IPSEC Internet Protocol Security
IRF Intelligent Resilient Framework
ISSU
IT
In Service Software Upgrades
Information Technology
LACP Link Aggregation Control Protocol
MDC Multitenant device context
MOF
MPLS
MTD
Management of Functions
Multiprotocol Label Switching
Management of TSF Data
NDPP Protection Profile for Network Devices
OAA
OSP
Open Application Architecture
Organization Security Policy
OSPF
PP
Open Shortest Path First
Protection Profile
QoS Quality of Service
RADIUS Remote Authentication Dial In User Service
RPC Remote procedure call
VALIDATION REPORT
Hewlett-Packard 6125XLG Ethernet Blade Switch
18
RSA Rivest, Shamir and Adleman (algorithm for public-key cryptography)
SA Security Association
SAR Security Assurance Requirement
SFP Security Function Policy
SFR Security Functional Requirement
SHA Secure Hash Algorithm
SM Security Management
SMR Security Management Roles
SOF Strength of Function
SSH Secure Shell
ST Security Target
TACACS Terminal Access Controller Access Control System
TOE Target of Evaluation
TRILL
TSC
Transparent Interconnection of Lots of Links
TSF Scope of Control
TSF TOE Security Functions
TSP TOE Security Policy
UAU User Authentication
UDP User Data Protection
VLAN Virtual Local Area Network
VALIDATION REPORT
Hewlett-Packard 6125XLG Ethernet Blade Switch
19
14 Bibliography
The Validation Team used the following documents to produce this Validation Report:
[1] Common Criteria for Information Technology Security Evaluation Part 1: Introduction, Version
3.1, Revision 4, September 2012.
[2] Common Criteria for Information Technology Security Evaluation Part 2: Security Functional
Requirements, Version 3.1 Revision 4, September 2012.
[3] Common Criteria for Information Technology Security Evaluation Part 3: Security assurance
components, Version 3.1 Revision 4, September 2012.
[4] Common Methodology for Information Technology Security Evaluation, Evaluation
Methodology, Version 3.1, Revision 4, September 2012.
[5] Hewlett-Packard Company 6125XLG Ethernet Blade Switch Security Target, v2.0, February
19, 2015
[6] Common Criteria Evaluation and Validation Scheme - Guidance to CCEVS Approved
Common Criteria Testing Laboratories, Version 2.0, 8 Sep 2008.
[7] Evaluation Technical Report For Hewlett-Packard Company 6125XLG Ethernet Blade Switch,
parts 1 and 2 (and associated AAR and test report), version 2.0, February 20, 2015