Products

Services and Support

Threat Center

Visit our Threat Center

Certified Check Point Solutions

Check Point products consistently meet and exceed the stringent requirements established by internationally recognized standards, approval processes and independent security industry tests. That’s why Check Point solutions are essential for agencies and companies tasked with maintaining the highest level of security and confidentiality.

The following list summarizes third-party certifications received by Check Point products.

If your organization requires additional certifications not listed here, please contact us to learn more about certification for Check Point solutions.

Certification	Check Point Solution (with direct links to the official certification posting)
Medium Robustness Certification Withstands US Government penetration testing - AVA_VLA.3.	AVA_VLA.3 - Most stringent level of US Government certification Protection Profile Identifiers: US Department of Defense Application-Level Firewall Protection Profile for Medium Robustness Environments, Version 1.0 (Archived) US Department of Defense Traffic-Filter Firewall Protection Profile for Medium Robustness Environments, Version 1.4 (Archived) Intrusion Detection System Protection Profile, Version 1.6, dated April 4, 2006 (Archived) Full Security Gateway certification details are listed on the NIAP-CCEVS Product compliance list. Click to download the PDF on this Achievement - Check Point's Medium Robustness Certification.
Common Criteria Internationally recognized standard and an ISO standard (ISO-IEC 15408) for evaluating the security claims of IT products and systems. Certification provides customers with a higher level of assurance that the security of a product as evaluated meets the standards for security requirements.	Check Point offers EAL4 certified security solutions for firewall, VPN, IDS, IPS, management, secure logging, and endpoint security. Check Point Integrity is the only endpoint security solution from a major security vendor to achieve Common Criteria EAL4 certification. Check Point Software Blades R7x awarded EAL4 with claim to 3 US Government Protection Profiles (application level firewall, traffic filter firewall, IPS. Certification Target of Evaluation (TOE) included Cluster and acceleration, FIPS compliant crypography, and 3 tier architecture. All 2012 hardware and IAS appliances are included in the TOE. Check Point VSX R67 in combination with Check Point Provider-1 R71 is certified at Evaluation Assurance Level (EAL) 4 augmented with ALC_FLR.3 (Flaw Remediation). Certification claim includes firewall, IPS, VPN, virtual systems, high availability and ClusterXL, and Check Point 2012 appliances. Check Point Firewall Technology (VPN-1 NGX) running on Check Point Appliances was awarded a Common Criteria Evaluation Assurance Level (EAL) 4 augmented with AVA_VLA.3 (Medium Robustness) and ALC_FLR.3 (Flaw Remediation)by NIAP-CCEVS. This certification level confirms that the Check Point Security Gateways withstood penetration testing to an attacker possessing moderate attack potential. Check Point appliances were shown to meet and exceed the requirements of two U.S. DoD Medium Robustness Protection Profiles, for proxy and traffic filtering firewalls. In addition, the products meet the requirements of the NSA System Protection Profile for an Intrusion Detection System (IDSSPP). The IDSSPP provides a level of protection appropriate for IT environments that require detection of malicious and inadvertent attempts to gain inappropriate access to IT resources. VPN-1 conforms to the Intrusion Detection System Protection Profile, March 9, 2005 and meets the functional requirements of the Application-Layer Firewall Medium Robustness V1, June 2000, and the Traffic-Filter Firewall Protection Profile for Medium Robustness Environments, V1.4 June 2000. Endpoint Security Full Disk Encryption, Pointsec PC 6.3.1 is certified at EAL4 Check Point Endpoint Security Media Encryption is certified at EAL4 Integrity 6.5 Agent Is certified at EAL4 with ALC_FLR.2, AVA_VLA.3 NFR Sentivist™ (now Check Point IPS-1™) Is certified at EAL2, conformant to the US government IDS/IPS Protection Profile In Evaluation: The following products are listed by NIAP-CCEVS as In Evaluation. This listing is achieved after having successfully passed an iVOR (initial Validation Oversight Review) Check Point Security Gateway Appliances with Security Management R76 and GAIA Check Point Endpoint Security Version R8x (Total Security)
FIPS Federal Information Processing Standard (FIPS) 140-2 defines security requirements for cryptographic modules for US government National Security Telecommunications and Information Systems. Security Policy (NSTISSP) #11.	The Network Security product Security Gateway with firewall and VPN Software Blades certificate 1219 is certified to FIPS 140-2. Check Point Full Disk Encryption for Windows 770 Check Point Full Disk Encryption for Mac OS X 770 Check Point Full Disk Encryption for Symbian9 770 Check Point Media Encryption 784 Pointsec Mobile 1100 Connectra 1474 Check Point IP Appliance 1551 1552 In Process: The following products are listed by NIST-CMVP as In Process. This listing is achieved after a complete set of Vendor evidence is accepted by an accredited evaluation lab. VSX Security Gateway R7x Security Management Provider-1 CryptoCore V2 used by Endpoint TS
The CESG CCTM scheme verifies the claims security vendors make for their solutions for data confidentiality, integrity and availability in the modern government IT environment. Its test methodology is uniformly applied to all candidate products and services to ensure that certification provides a consistent and objective quality benchmark for network managers and purchasers. It is operated by CESG, the Information Assurance arm of the Government Communications Headquarters (GCHQ). More information is available at	Check Point has certified through the CESG CCTM: UTM-1 Edge W Endpoint Media Encryption Endpoint Full Disk Encryption Pointsec for Pocket PC Pointsec for PC Enterprise Workplace Edition
IPv6 Certified to include IPv6 mandatory core protocols and interoperability with other IPv6 implementations.	Check Point Software Blades R75.40 on GAiA was awarded the IPv6 Ready Phase 2 logo and was additionally accredited as passing the IPv6 Firewall testing for this version Check Point Software Blades R7x passed IPv6 certification against the US Government IPv6 profile in the Network Protection Device (NPD)and Router categories for IPSec, IKE, ESP and Firewall. R7x is now listed on the University of New Hampshire Web http://www.iol.unh.edu/services/testing/ipv6/usgv6tested.php.
ICSA Independent testing and certifications for Firewall and IPSec, including the security functions of data source authentication, data integrity and confidentiality.	Security Gateway R75 is IPsec certified to ICSA IPsec 1.3 enhanced criteria Security Gateway R71 is certified to ICSA corporate firewall criteria UTM-1 Edge W is certified to ICSA corporate firewall criteria
VPN Consortium	VPN-1 NGX and UTM-1 have passed IPSec conformance testing Connectra has passed SSL VPN conformance testing
NSS Leading independent security products testing organization evaluating performance, security effectiveness and usability.	Check Point actively participates in NSS Labs tests, excelling in the industry's most comprehensive third-party firewall, NGFW and intrusion prevention (IPS) group testing to date. 2010 IPS Group Test - NSS Labs Recommended 2012 IPS Group Test – NSS Labs Recommended 2011 Firewall Group Test – NSS Labs Recommended 2011 NGFW Test – NSS Labs Recommended
BITS Financial services security laboratory	Check Point Full Disk Encryption is certified to meet the security needs of the financial services industry.
Section 508 Section 508 of the United States Rehabilitation Act of 1973 mandates that Federal agencies acquire products which enable people with disabilities to have access to information and data in a way that is comparable to the access and use experienced by people without disabilities.	VPN-1 NG FP-1 complies with Section 508, and is compatible with assistive technology.
Euro Symbol	Eventia Reporter, where accounting functions are utilized, implements the concept of 'units' in place of any specific currency. Since neither the EURO nor any other monetary symbol appears in our software products, Check Point therefore states that it is in EURO symbol compliance.

Certification

Check Point Solution (with direct links to the official certification posting)

Medium Robustness Certification

Withstands US Government penetration testing - AVA_VLA.3.

Medium Robustness Certification

AVA_VLA.3 - Most stringent level of US Government certification

Protection Profile Identifiers:
- US Department of Defense Application-Level Firewall Protection Profile for Medium Robustness Environments, Version 1.0 (Archived)
- US Department of Defense Traffic-Filter Firewall Protection Profile for Medium Robustness Environments, Version 1.4 (Archived)
- Intrusion Detection System Protection Profile, Version 1.6, dated April 4, 2006 (Archived)

Full Security Gateway certification details are listed on the NIAP-CCEVS Product compliance list.

Click to download the PDF on this Achievement - Check Point's Medium Robustness Certification.

Common Criteria Internationally recognized standard and an ISO standard (ISO-IEC 15408) for evaluating the security claims of IT products and systems. Certification provides customers with a higher level of assurance that the security of a product as evaluated meets the standards for security requirements.

Check Point offers EAL4 certified security solutions for firewall, VPN, IDS, IPS, management, secure logging, and endpoint security. Check Point Integrity is the only endpoint security solution from a major security vendor to achieve Common Criteria EAL4 certification.

Check Point Software Blades R7x awarded EAL4 with claim to 3 US Government Protection Profiles (application level firewall, traffic filter firewall, IPS. Certification Target of Evaluation (TOE) included Cluster and acceleration, FIPS compliant crypography, and 3 tier architecture. All 2012 hardware and IAS appliances are included in the TOE.
Check Point VSX R67 in combination with Check Point Provider-1 R71 is certified at Evaluation Assurance Level (EAL) 4 augmented with ALC_FLR.3 (Flaw Remediation). Certification claim includes firewall, IPS, VPN, virtual systems, high availability and ClusterXL, and Check Point 2012 appliances.
Check Point Firewall Technology (VPN-1 NGX) running on Check Point Appliances was awarded a Common Criteria Evaluation Assurance Level (EAL) 4 augmented with AVA_VLA.3 (Medium Robustness) and ALC_FLR.3 (Flaw Remediation)by NIAP-CCEVS. This certification level confirms that the Check Point Security Gateways withstood penetration testing to an attacker possessing moderate attack potential. Check Point appliances were shown to meet and exceed the requirements of two U.S. DoD Medium Robustness Protection Profiles, for proxy and traffic filtering firewalls. In addition, the products meet the requirements of the NSA System Protection Profile for an Intrusion Detection System (IDSSPP). The IDSSPP provides a level of protection appropriate for IT environments that require detection of malicious and inadvertent attempts to gain inappropriate access to IT resources.

VPN-1 conforms to the Intrusion Detection System Protection Profile, March 9, 2005 and meets the functional requirements of the Application-Layer Firewall Medium Robustness V1, June 2000, and the Traffic-Filter Firewall Protection Profile for Medium Robustness Environments, V1.4 June 2000.

Endpoint Security Full Disk Encryption, Pointsec PC 6.3.1 is certified at EAL4
Check Point Endpoint Security Media Encryption is certified at EAL4
Integrity 6.5 Agent Is certified at EAL4 with ALC_FLR.2, AVA_VLA.3
NFR Sentivist™ (now Check Point IPS-1™) Is certified at EAL2, conformant to the US government IDS/IPS Protection Profile

In Evaluation:

The following products are listed by NIAP-CCEVS as In Evaluation. This listing is achieved after having successfully passed an iVOR (initial Validation Oversight Review)

Check Point Security Gateway Appliances with Security Management R76 and GAIA
Check Point Endpoint Security Version R8x (Total Security)

FIPS
Federal Information Processing Standard (FIPS) 140-2 defines security requirements for cryptographic modules for US government National Security Telecommunications and Information Systems. Security Policy (NSTISSP) #11.

FIPS Validated 140-2

The Network Security product Security Gateway with firewall and VPN Software Blades certificate 1219 is certified to FIPS 140-2.

Check Point Full Disk Encryption for Windows 770
Check Point Full Disk Encryption for Mac OS X 770
Check Point Full Disk Encryption for Symbian9 770
Check Point Media Encryption 784
Pointsec Mobile 1100
Connectra 1474
Check Point IP Appliance 1551 1552

In Process:

The following products are listed by NIST-CMVP as In Process. This listing is achieved after a complete set of Vendor evidence is accepted by an accredited evaluation lab.

VSX
Security Gateway R7x
Security Management
Provider-1
CryptoCore V2 used by Endpoint TS

The CESG CCTM scheme verifies the claims security vendors make for their solutions for data confidentiality, integrity and availability in the modern government IT environment. Its test methodology is uniformly applied to all candidate products and services to ensure that certification provides a consistent and objective quality benchmark for network managers and purchasers. It is operated by CESG, the Information Assurance arm of the Government Communications Headquarters (GCHQ). More information is available at

Check Point has certified through the CESG CCTM:

UTM-1 Edge W
Endpoint Media Encryption
Endpoint Full Disk Encryption
Pointsec for Pocket PC
Pointsec for PC Enterprise Workplace Edition

IPv6
Certified to include IPv6 mandatory core protocols and interoperability with other IPv6 implementations.

Check Point Software Blades R75.40 on GAiA was awarded the IPv6 Ready Phase 2 logo and was additionally accredited as passing the IPv6 Firewall testing for this version
Check Point Software Blades R7x passed IPv6 certification against the US Government IPv6 profile in the Network Protection Device (NPD)and Router categories for IPSec, IKE, ESP and Firewall.

R7x is now listed on the University of New Hampshire Web http://www.iol.unh.edu/services/testing/ipv6/usgv6tested.php.

ICSA
Independent testing and certifications for Firewall and IPSec, including the security functions of data source authentication, data integrity and confidentiality.

Security Gateway R75 is IPsec certified to ICSA IPsec 1.3 enhanced criteria
Security Gateway R71 is certified to ICSA corporate firewall criteria
UTM-1 Edge W is certified to ICSA corporate firewall criteria

VPN Consortium

VPN-1 NGX and UTM-1 have passed IPSec conformance testing
Connectra has passed SSL VPN conformance testing

NSS
Leading independent security products testing organization evaluating performance, security effectiveness and usability.

NSS Labs Recommend

Check Point actively participates in NSS Labs tests, excelling in the industry's most comprehensive third-party firewall, NGFW and intrusion prevention (IPS) group testing to date.

2010 IPS Group Test - NSS Labs Recommended

2012 IPS Group Test – NSS Labs Recommended

2011 Firewall Group Test – NSS Labs Recommended

2011 NGFW Test – NSS Labs Recommended

BITS Financial services security laboratory

Check Point Full Disk Encryption is certified to meet the security needs of the financial services industry.

Section 508
Section 508 of the United States Rehabilitation Act of 1973 mandates that Federal agencies acquire products which enable people with disabilities to have access to information and data in a way that is comparable to the access and use experienced by people without disabilities.

VPN-1 NG FP-1 complies with Section 508, and is compatible with assistive technology.

Euro Symbol

Eventia Reporter, where accounting functions are utilized, implements the concept of 'units' in place of any specific currency. Since neither the EURO nor any other monetary symbol appears in our software products, Check Point therefore states that it is in EURO symbol compliance.