NSX is designed to be EAL4+ compliant in accordance with the Common Criteria Certification Program.
For more information about Common Criteria, see the Common Criteria Portal.
If your environment is not compliant with EAL4+, NSX raises alarms. For more information about the alarms, see the "Security Compliance Events" section in the NSX Event Catalog.
NSX supports the following security functional requirements:
Requirement | Description | Auditable |
---|---|---|
FAU_GEN.1 | Audit data generation | Yes |
FAU_SAR.1 | Audit review | No |
FAU_STG.1 | Protected audit trail storage | No |
FCS_CKM.1/TLS | Cryptographic key generation (for asymmetric keys) | No |
FCS_COP.1/TLS.HMAC | Cryptographic operation (hashing) | No |
FCS_COP.1/TLS | Cryptographic operation (TLS) | No |
FCS_CKM.2/TLS | Cryptographic key distribution (TLS) | Yes |
FCS_CKM.4 | Cryptographic key destruction | No |
FCS_RNG.1/OSSL | Random number generation (OpenSSL) | No |
FCS_RNG.1/BC | Random number generation (Bouncy Castle) | No |
FDP_IFC.1 | Subset information flow control | No |
FDP_IFF.1 | Simple security attributes | Yes |
FIA_AFL.1 | Authentication failure handling | Yes |
FIA_SOS.1 | Verification of secrets | Yes |
FIA_UAU.2 | User authentication before any action | Yes |
FIA_UID.1 | Timing of identification | Yes |
FMT_SMR.1 | Security roles | Yes |
FMT_SMF.1 | Specification of management functions | Yes |
FMT_MOF.1 | Management of security functions behavior | No |
FMT_MSA.1 | Management of security attributes | No |
FMT_MSA.3 | Static attribute initialisation | No |
FPT_TDC.1 | Inter-TSF basic TSF data consistency | Yes |
FTP_ITC.1 | Inter-TSF trusted channel | Yes |
For each requirement, the events that are auditable are logged. For more information about event logging, see Log Messages and Error Codes.