What is a Common Criteria Certification?

Common Criteria is an internationally recognized standard and an ISO standard (ISO-IEC15408) for evaluating the security claims of IT products and systems. There are two implementations of the (Common Criteria) standard, community Protection Profile (cPP) and Evaluation Assurance Level (EAL). Each requires a rigorous evaluation to a set of security claims. cPP is a black box prescriptive model with standardized sets of requirements, and EAL is a white box model that allows greater scope in defining the set of claims. EAL4 also provides assurance through evaluation of the products design, implementation, company development methodology, internal systems, processes, security systems and architecture and support.

Check Point has the following Common Criteria certificates:

Check Point R81 with claimed compliance to 3 Protection Profiles.
Check Point R80.30 at EAL4+

These certifications provide independent validation of the claims made, compliance to standards, and successful completion of interoperability testing, penetration testing and a vulnerability analysis.

The USA NIAP-CCEVS cPP

Check Point R81 Security Gateway and Maestro Hyperscale Appliances R81.00 is certified by NIAP-CCEVS as conformant to 3 community Protection Profiles (cPP):

Base-PP: collaborative Protection Profile for Network Devices, Version 2.2e, 23 March 2020 (cPP_ND_v2.2e)
PP-Module: PP-Module for Virtual Private Network (VPN) Gateways, 1.1, 18 June 2020 (MOD_VPNGW_v1.1)
PP-Module: PP-Module for Stateful Traffic Filter Firewalls, Version 1.4e, 25 June 2020 (MOD_cPP_FW_v1.4e)

Target of Evaluation (TOE) includes:

SmartConsole, Smart-1, Quantum enterprise appliances including Maestro, and CloudGuard Network

The certification is listed on the NSA Commercial Solutions for Classified (CSfC) which qualifies U.S. Government agencies for using it to protect classified data.

The certificate also has international recognition through Common Criteria Recognition Arrangement (CCRA).

Download the Certificate

Check Point Common Criteria Certification Historical Record

The Netherlands EAL4+: Check Point R80.30 Firmware for Security Gateway Appliances with Firewall, IPS Blade Pattern Matcher, and Security Management Server. The certification is at EAL4 augmented with ALC_FLR.1 (EAL4+) Target of Evaluation (TOE) includes:
- Firewall
- IPS Blade Pattern Matcher
- REST API
- Enterprise appliances, TE appliances, Smart-1, CloudGuard
- Certificate

The USA NIAP-CCEVS cPP: Check Point R80.30 Security Gateway Appliances is certified by NIAP-CCEVS as conformant to 3 community Protection Profiles (cPP):
- Network Device Version 2.0 + Errata 20180314 (NDcPP)
- Stateful Traffic Filter Firewalls Version 2.0 + Errata 2018314
- Extended Package for VPN Gateways Version 2.1
- Certificate

Security Appliances R77.30 NIAP-CCEVS awarded this certificate with a full claim for compliance to 3 Protection Profiles modified to the even more stringent standards of the NSA commercial solutions to protect classified networks (CSfC) that qualifies the Check Point solution to protect US Government CLASSIFIED networks:
- Network Devices, Version 1.1 (with Errata #3), 8 June 2012 (NDPP11e3) with the following two extended packages:
- Network Device Protection Profile Extended Package Stateful Traffic Filter Firewall, Version 1.0, 19 December 2011 (FW)
- Network Device Protection Profile Extended Package VPN Gateway, Version 1.1, 15 April 2013 (VPN) as amended by CSfC Selections for VPN Gateways
- Certificate
Check Point Security Appliances with Security Management and Security Gateway R77 on GAiA r77 extends the claims made in R7x and VSX (both awarded in 2012) and includes FIPS compliant cryptography, VSX, GAiA, IPS, Acceleration, HTTPS inspection, and 2012 appliances, Smart-1, IAS, IP, Power-1 and UTM-1.
- EAL4+ Certificate
Endpoint Security E80.30 certified at Evaluation Assurance Level (EAL) 2 augmented with ALC_FLR.3 (Flaw Remediation). Certification claims includes Full Disk Encryption Blade, Media Encryption & Port Protection Blade, Firewall & Application Control Blades, Compliance Blade and VPN Blade.
- EAL2+ Certificate
Check Point Software Blades R7x awarded EAL4 with claim to 3 US Government Protection Profiles (application level firewall, traffic filter firewall, IPS). Certification Target of Evaluation (TOE) included Cluster and acceleration, FIPS compliant cryptography, and 3 tier architecture. All 2012 hardware and IAS appliances are included in the TOE.
Check Point VSX R67 in combination with Check Point Provider-1 R71 is certified at Evaluation Assurance Level (EAL) 4 augmented with ALC_FLR.3 (Flaw Remediation). Certification claim includes firewall, IPS, VPN, virtual systems, high availability, ClusterXL, and Check Point 2012 appliances.
Check Point Firewall Technology (VPN-1 NGX) running on Check Point Appliances was awarded a Common Criteria Evaluation Assurance Level (EAL) 4 augmented with AVA_VLA.3 (Medium Robustness) and ALC_FLR.3 (Flaw Remediation) by NIAP-CCEVS. This certification level confirms that the Check Point Security Gateways withstood penetration testing to an attacker possessing moderate attack potential
- Protection Profile Identifiers:
  - US Department of Defense Application-Level Firewall Protection Profile for Medium Robustness Environments, Version 1.0 (Archived)
  - US Department of Defense Traffic-Filter Firewall Protection Profile for Medium Robustness Environments, Version 1.4 (Archived)
  - Intrusion Detection System Protection Profile, Version 1.6, dated April 4, 2006 (Archived)
- EAL4+ Certificate
- EAL4+ Certificate
Endpoint Security Full Disk Encryption, Pointsec PC 6.3.1 is certified at EAL4
Check Point Endpoint Security Media Encryption is certified at EAL4
Integrity 6.5 Agent is certified at EAL4 with ALC_FLR.2, AVA_VLA.3
NFR Sentivist™ (now Check Point IPS-1™) is certified at EAL2, conformant to the US government IDS/IPS Protection Profile