Home Page | Skip to Navigation | Skip to Content | Skip to Search | Skip to Footer

Certified Check Point Solutions

2014 Security Validation and Certification Update
Check Point Third Party Security Validation

Check Point products consistently meet and exceed the stringent requirements established by internationally recognized standards, approval processes and independent security industry tests. That’s why Check Point solutions are essential for agencies and companies tasked with maintaining the highest level of security and confidentiality.

The following list summarizes third-party certifications received by Check Point products.

If your organization requires additional certifications not listed here, please contact us to learn more about certification for Check Point solutions.

Certification Check Point Solution (with direct links to the official certification posting)

NIAPC (Nato Information Assurance Product Catalogue)

Nato Information Assurance Product Catalogue

The following two certifications are now listed on the NATO Approved products list. This is for firewall, IPS, and VSX and Provider-1.

Medium Robustness Certification

Withstands US Government penetration testing - AVA_VLA.3.

Medium Robustness Certification

AVA_VLA.3 - Most stringent level of US Government certification

  • Protection Profile Identifiers:
    • US Department of Defense Application-Level Firewall Protection Profile for Medium Robustness Environments, Version 1.0 (Archived)
    • US Department of Defense Traffic-Filter Firewall Protection Profile for Medium Robustness Environments, Version 1.4 (Archived)
    • Intrusion Detection System Protection Profile, Version 1.6, dated April 4, 2006 (Archived)

Full Security Gateway certification details are listed on the NIAP-CCEVS Product compliance list.

Click to download the PDF on this Achievement - Check Point's Medium Robustness Certification.

DISA Defense Information Systems Agency, Department of Defense


Check Point Software Technologies 21400 version R7x and 4800 Version R7x are certified for firewall and VPN and listed on the US Department of Defense Unified Capabilities (UC) Approved Products List and have completed Interoperability (IO) and Information Assurance (IA) certification requirements for use on US Department of Defense Networks.

The certification process is conducted by the Defense Information Systems Agency (DISA) Unified Capabilities Connection Office (UCCO).

Common Criteria Internationally recognized standard and an ISO standard (ISO-IEC 15408) for evaluating the security claims of IT products and systems. Certification provides customers with a higher level of assurance that the security of a product as evaluated meets the standards for security requirements.

Common Criteria

Common Criteria

Check Point offers EAL4 certified security solutions for firewall, VPN, IDS, IPS, management, secure logging, and endpoint security. Check Point Integrity is the only endpoint security solution from a major security vendor to achieve Common Criteria EAL4 certification.

  • Check Point Security Appliances with Security Management and Security Gateway R77 on GAiA R77 extends the claims made in R7x and VSX (both awarded in 2012) and includes FIPS compliant cryptography, VSX, GAIA, IPS, Acceleration, HTTPS inspection, and 2012 appliances, Smart-1, IAS, IP, Power-1 and UTM-1. Click here for additional details.
  • Endpoint Security E80.30 certified at Evaluation Assurance Level (EAL) 2 augmented with ALC_FLR.3 (Flaw Remediation). Certification claims includes Full Disk Encryption Blade, Media Encryption & Port Protection Blade, Firewall & Application Control Blades, Compliance Blade and VPN Blade.
  • Check Point Software Blades R7x awarded EAL4 with claim to 3 US Government Protection Profiles (application level firewall, traffic filter firewall, IPS. Certification Target of Evaluation (TOE) included Cluster and acceleration, FIPS compliant crypography, and 3 tier architecture. All 2012 hardware and IAS appliances are included in the TOE.
  • Check Point VSX R67 in combination with Check Point Provider-1 R71 is certified at Evaluation Assurance Level (EAL) 4 augmented with ALC_FLR.3 (Flaw Remediation). Certification claim includes firewall, IPS, VPN, virtual systems, high availability and ClusterXL, and Check Point 2012 appliances.
  • Check Point Firewall Technology (VPN-1 NGX) running on Check Point Appliances was awarded a Common Criteria Evaluation Assurance Level (EAL) 4 augmented with AVA_VLA.3 (Medium Robustness) and ALC_FLR.3 (Flaw Remediation)by NIAP-CCEVS. This certification level confirms that the Check Point Security Gateways withstood penetration testing to an attacker possessing moderate attack potential. Check Point appliances were shown to meet and exceed the requirements of two U.S. DoD Medium Robustness Protection Profiles, for proxy and traffic filtering firewalls. In addition, the products meet the requirements of the NSA System Protection Profile for an Intrusion Detection System (IDSSPP). The IDSSPP provides a level of protection appropriate for IT environments that require detection of malicious and inadvertent attempts to gain inappropriate access to IT resources.

    VPN-1 conforms to the Intrusion Detection System Protection Profile, March 9, 2005 and meets the functional requirements of the Application-Layer Firewall Medium Robustness V1, June 2000, and the Traffic-Filter Firewall Protection Profile for Medium Robustness Environments, V1.4 June 2000.
  • Endpoint Security Full Disk Encryption, Pointsec PC 6.3.1 is certified at EAL4
  • Check Point Endpoint Security Media Encryption is certified at EAL4
  • Integrity 6.5 Agent Is certified at EAL4 with ALC_FLR.2, AVA_VLA.3
  • NFR Sentivist™ (now Check Point IPS-1™) Is certified at EAL2, conformant to the US government IDS/IPS Protection Profile

Federal Information Processing Standard (FIPS) 140-2 defines security requirements for cryptographic modules for US government National Security Telecommunications and Information Systems. Security Policy (NSTISSP) #11.

FIPS Validated 140-2

  • The Security Gateway with firewall and VPN Software Blades certificate 1977 is certified to FIPS 140-2
  • Security Management is certified with certificate 1978
  • VSX is certified with certificate 1976
  • Provider-1 is certified with certificate 1979
  • Check Point IP Appliance 1551 1552
  • Connectra 1474
  • FDE Cryptocore: Commencing from FDE 7.5 and Endpoint E80.40 we include 2 certificates (the 1st for pre-boot and the 2nd for Windows and OS X in both 32 and 64 bit:
    • CryptoCore 2.0 (16 bit preboot for FDE) 1997
    • CryptoCore V2.0 is certified for Windows 7 and OS X 10.7 32/64 bit inc. AES-NI with certificate 1959 FDE 7.5 and E80.40 use the certified module and commences support for Windows 7 with UEFI.
  • Check Point Full Disk Encryption for Symbian9 770
  • Check Point Media Encryption 784
  • Pointsec Mobile 1100

UK Government certification scheme that is a replacement for CESG CCTM and the lower-end of CESG CAPS (known as Baseline).

Products with a CPA certification are aligned with the UK OFFICIAL tier.

CESG states: The OFFICIAL Tier is expected to be used for the vast majority (approximately 80%) of information that is created or processed by Government and the Wider Public Sector.


Products in Evaluation:
  • IPsec Security Gateway
  • Enterprise Management for Full Disk Encryption
  • Full Disk Encryption for MAC OS
  • Full Disk Encryption for Windows

The CESG CCTM scheme verifies the claims security vendors make for their solutions for data confidentiality, integrity and availability in the modern government IT environment. Its test methodology is uniformly applied to all candidate products and services to ensure that certification provides a consistent and objective quality benchmark for network managers and purchasers. It is operated by CESG, the Information Assurance arm of the Government Communications Headquarters (GCHQ). More information is available at



Check Point has certified through the CESG CCTM:

  • UTM-1 Edge W
  • Endpoint Media Encryption
  • Endpoint Full Disk Encryption
  • Pointsec for Pocket PC
  • Pointsec for PC Enterprise Workplace Edition

Certified to include IPv6 mandatory core protocols and interoperability with other IPv6 implementations.

IPv6 Ready
IPv6 Ready

Independent testing and certifications for Firewall and IPSec, including the security functions of data source authentication, data integrity and confidentiality.

ICSA labs - IPSec

ICSA - Firewall Corporate

  • Security Gateway R77 is IPsec certified to ICSA IPsec 1.3 enhanced criteria
  • Security Gateway R77 is certified to ICSA corporate firewall criteria
  • UTM-1 Edge W is certified to ICSA corporate firewall criteria

VPN Consortium

VPNC Certified

VPNC Certified

VPNC Certified

  • VPN-1 NGX and UTM-1 have passed IPSec conformance testing
  • Connectra has passed SSL VPN conformance testing

Leading independent security products testing organization evaluating performance, security effectiveness and usability.

NSS Labs Recommend



Check Point actively participates in NSS Labs tests, excelling in the industry's most comprehensive third-party firewall, NGFW and intrusion prevention (IPS) group testing to date.

BITS Financial services security laboratory

BITS Tested

  • Check Point Full Disk Encryption is certified to meet the security needs of the financial services industry.

Section 508
Section 508 of the United States Rehabilitation Act of 1973 mandates that Federal agencies acquire products which enable people with disabilities to have access to information and data in a way that is comparable to the access and use experienced by people without disabilities.

Section 508

  • VPN-1 NG FP-1 complies with Section 508, and is compatible with assistive technology.

Euro Symbol

Euro Symbol

  • Eventia Reporter, where accounting functions are utilized, implements the concept of 'units' in place of any specific currency. Since neither the EURO nor any other monetary symbol appears in our software products, Check Point therefore states that it is in EURO symbol compliance.