A list of all available network services containing at least the following information shall be included in the documentation accompanying the Network Product:

1. all interfaces providing IP-based protocols;
2. the available transport layer protocols on these interfaces;
3. their open ports and associated services per transport layer protocol;
4. and a free-form description of their purposes.

The port scanning tool that is used shall be capable to detect open ports on the relevant transport layer protocols.

The accredited evaluator's test lab is required to execute the following steps:

1. Verification of the compliance to the prerequisites:
   1. Verification that the list of available network services is available in the documentation of the Network Product
   2. Validation that all entries in the list of services are meaningful and reasonably necessary for the operation of the Network Product class
2. Identification of the open ports by means of capable port scanning tools or other suitable testing means
3. Verification that the list of identified open ports matches the list of available network services in the documentation of the Network Product

The used tool(s) name, their unambiguous version (also for plug-ins if applicable), used settings, and the relevant output containing all the technically relevant information about test results is evidence and shall be part of the testing documentation. All discrepancies between the list of identified open ports and the list of available network services in the documentation shall be highlighted in the testing documentation.

Output of portscan and list of identified discrepancies.

A list of all available network services containing at least the following information shall be included in the documentation accompanying the Network Product:

• all interfaces providing IP-based protocols;
• the available transport layer protocols on these interfaces;
• their open ports and associated services;
• and a free-form description of their purposes.

The used vulnerability scanning tool shall be capable to detect known vulnerabilities on common services. The used vulnerability information shall be reasonably recent at the time of testing.

The accredited evaluator's test lab is required to execute the following steps:

1. Execution of the suitable vulnerability scanning tool against all interfaces providing IP-based protocols of the Network Product.
2. Evaluation of the results based on their severity.

The used tool(s) name, their unambiguous version (also for plug-ins if applicable), used settings, and the relevant output is evidence and shall be part of the testing documentation. The discovered vulnerabilities (including source, example CVE ID), together with a rating of their severity, shall be highlighted in the testing documentation. COTS Vulnerability scanners, by their nature, (e.g. depending on how they are configured) may result in false findings/positives. The tool's documentation may even mention that the failing test shall be repeated to check whether it is really a recurring problem or not. The tester shall make best effort to determine if there is an issue with NE or the test tool and if necessary, work with the vendor of the network product to come to a consensus on the test result outcome.

Output of BVT tool.

The accredited evaluator's test lab is required to execute the following steps:

1. Execution of available effective fuzzing tools against the protocols available via interfaces providing IP-based protocols of the Network Product for an amount of time sufficient to be effective.
2. Execution of available effective robustness test tools against the protocols available via interfaces providing IP-based protocols of the Network Product for an amount of time sufficient to be effective.
3. For both step 1 and 2:
   1. Using a network traffic analyser on the network product (e.g. TCPDUMP) or an external traffic analyser directly connected to the network product, the tester verifies that the packets are correctly processed by the network product.
   2. The testers verifies that the network product and any running network service does not crash.
   3. The execution of tests shall run sufficient times.

A list of all of the protocols of the network product reachable externally on an IP-based interface, together with an indication whether effective available robustness and fuzz testing tools have been used against them, shall be part of the testing documentation. If no tool can be acquired for a protocol, a free form statement should explain why not. The used tool(s) name, their unambiguous version (also for plug-ins if applicable), used settings, and the relevant output is evidence and shall be part of the testing documentation. Any input causing unspecified, undocumented, or unexpected behaviour, and a description of this behaviour shall be highlighted in the testing documentation. COTS fuzzing tools, by their nature, may have an acceptable failure rate (e.g. 0.1%) due to different non-deterministic variables in their implementation. At some point the tool's documentation may even mention that the failing test shall be repeated to check whether it is really a recurring problem or not. The tester shall make best effort to determine if there is an issue with NE or the test tool and if necessary, work with the vendor of the network product to come to a consensus on the test result outcome.

A testing report provided by the testing agency which will consist of the following information:

• The used tool(s) name and version information,
• Settings and configurations used
• The output log file of the chosen tool that displays the results (passed/failed).
• Screenshot
• Test result (Passed or not)
• Log/evidence tracing possible crashes
• Any input causing unspecified, undocumented, or unexpected behaviour