Maintenance Addendum Nortel Switched Firewall 5100 Series Version 2.3.5 (February 2007)

Maintenance Report
Nortel Switched Firewall 5100 Series Version 2.3.5
Issued by:
Communications Security Establishment
Certification Body
Canadian Common Criteria Evaluation and Certification Scheme
© 2007 Government of Canada, Communications Security Establishment
| Document number | 383-7-15-MR |
|---|---|
| Version | 1.0 |
| Date | 7 February 2007 |
1 Introduction
On 2 February 2007, Nortel submitted an Impact Analysis Report (IAR) to the CCS Certification Body on the Nortel Switched Firewall 5100 Series Version 2.3.5 product.
The IAR is intended to satisfy requirements outlined in version 1.0 of the Common Criteria document CCIMB-2004-02-009: Assurance Continuity: CCRA Requirements. In accordance with those requirements, the IAR describes any changes made to the TOE and/or its IT environment, the evidence updated as a result of the changes and the security impact of the changes.
2 Description of changes
The product name has changed from the Nortel Networks Alteon Switched Firewall Version 2.0.3 with Hotfix 315/NG_FP3_HFA_315 to the Nortel Switched Firewall 5100 Series Version 2.3.5. The changes listed in the IAR include changes made to the Nortel Alteon Switched Firewall Version 2.0.3 as well as changes made to Check Point VPN-1/FireWall-1 NGX (R60). For details on Check Point VPN-1/FireWall-1 NGX (R60), which is maintained under the CCS, refer to the CCS Certified Products page.
The following characterizes the changes implemented in the Nortel Switched Firewall 5100 Series Version 2.3.5. For each change, it was verified that there were no required changes to the security functional requirements in the ST, and thorough functional and regression testing was conducted by the developer to ensure that the assurance in the Target of Evaluation (TOE) was maintained. The changes in Nortel Switched Firewall 5100 Series Version 2.3.5 comprise software and hardware changes that:
- incorporate Check Point VPN-1/FireWall-1 NGX (R60);
- add non-security related functionality to the product not included in the scope of the original evaluation; and
- incorporate the functionality of the Switched Firewall Director and the Switched Firewall Accelerator subsystems into one hardware unit.
3 Affected developer evidence
Modifications to the product necessitated changes to a subset of the developer evidence that was previously submitted. The subset of affected developer evidence was identified in the IAR, and revised versions of all affected developer evidence were submitted.
Modifications to the security target were made to reflect the new product versions.
4 Conclusions
Changes include incorporation of Check Point VPN-1/FireWall-1 NGX (R60), together with non-security-related feature changes and hardware changes. Through functional and regression testing of the Nortel Switched Firewall 5100 Series Version 2.3.5, assurance gained in the original TOE certification was maintained. As all of the changes to the TOE have been classified as minor, it is the conclusion of the CB that the maintained TOE is appropriate for assurance continuity and re-evaluation is not required.
5 References
Assurance Continuity: CCRA Requirements, CCIMB-2004-02-009, version 1.0, February 2004
Technical Oversight for Assurance Continuity of a certified TOE, version 1.0, 18 June 2004
Certification Report for EAL4 Evaluation of Nortel Alteon Switched Firewall (Version 2.0.3 with Hotfix 315/NG_FP3_HFA_315)