What is a Common Criteria Certification?

Common Criteria is an internationally recognized standard and an ISO standard (ISO-IEC15408) for evaluating the security claims of IT products and systems. There are two implementations of the (Common Criteria) standard, community Protection Profile (cPP) and Evaluation Assurance Level (EAL). Each requires a rigorous evaluation to a set of security claims. cPP is a black box prescriptive model with standardized sets of requirements, and EAL is a white box model that allows greater scope in defining the set of claims. EAL4 also provides assurance through evaluation of the products design, implementation, company development methodology, internal systems, processes, security systems and architecture and support.

Check Point R80.30 has been awarded 2 Common Criteria certificates proving that is compliant to both EAL at level 4+ and for cPP for 3 Protection Profiles. The certifications provide independent validation of the R80.30 network security management and security management and security gateway products, and demonstrate its robustness having successfully completed independent feature and interoperability testing, penetration testing, and vulnerability analysis.

Check Point Common Certification, Current Certifications

The Netherlands EAL4+

Check Point R80.30 Firmware for Security Gateway Appliances with Firewall, IPS Blade Pattern Matcher, and Security Management Server. The certification is at EAL4 augmented with ALC_FLR.1 (EAL4+) Target of Evaluation (TOE) includes:

  • Firewall
  • IPS Blade Pattern Matcher
  • REST API
  • Enterprise appliances, TE appliances, Smart-1, CloudGuard

The certificate, up to EAL4, has international recognition through the SOGIS Mutual Recognition Agreement (MRA).

Download the Certificate

The USA NIAP-CCEVS cPP

Check Point R80.30 Security Gateway Appliances is certified by NIAP-CCEVS as conformant to 3 community Protection Profiles (cPP):

  • Network Device Version 2.0 + Errata 20180314 (NDcPP)
  • Stateful Traffic Filter Firewalls Version 2.0 + Errata 2018314
  • Extended Package for VPN Gateways Version 2.1

Target of Evaluation (TOE) includes:

  • SmartConsole, Smart-1, enterprise appliances, Threat Emulation appliances and CloudGuard

The certification is compliant to the extended requirements of the NSA Commercial Solutions for Classified (CSfC). The certificate has international recognition through Common Criteria Recognition Arrangement (CCRA).

Download the Certificate

Check Point Common Criteria Certification Historical Record

  • Security Appliances R77.30 NIAP-CCEVS awarded this certificate with a full claim for compliance to 3 Protection Profiles modified to the even more stringent standards of the NSA commercial solutions to protect classified networks (CSfC) that qualifies the Check Point solution to protect US Government CLASSIFIED networks:
    • Network Devices, Version 1.1 (with Errata #3), 8 June 2012 (NDPP11e3) with the following two extended packages:
    • Network Device Protection Profile Extended Package Stateful Traffic Filter Firewall, Version 1.0, 19 December 2011 (FW)
    • Network Device Protection Profile Extended Package VPN Gateway, Version 1.1, 15 April 2013 (VPN) as amended by CSfC Selections for VPN Gateways
    • Certificate
  • Check Point Security Appliances with Security Management and Security Gateway R77 on GAiA r77 extends the claims made in R7x and VSX (both awarded in 2012) and includes FIPS compliant cryptography, VSX, GAiA, IPS, Acceleration, HTTPS inspection, and 2012 appliances, Smart-1, IAS, IP, Power-1 and UTM-1.
  • Endpoint Security E80.30 certified at Evaluation Assurance Level (EAL) 2 augmented with ALC_FLR.3 (Flaw Remediation). Certification claims includes Full Disk Encryption Blade, Media Encryption & Port Protection Blade, Firewall & Application Control Blades, Compliance Blade and VPN Blade.
  • Check Point Software Blades R7x awarded EAL4 with claim to 3 US Government Protection Profiles (application level firewall, traffic filter firewall, IPS). Certification Target of Evaluation (TOE) included Cluster and acceleration, FIPS compliant cryptography, and 3 tier architecture. All 2012 hardware and IAS appliances are included in the TOE.
  • Check Point VSX R67 in combination with Check Point Provider-1 R71 is certified at Evaluation Assurance Level (EAL) 4 augmented with ALC_FLR.3 (Flaw Remediation). Certification claim includes firewall, IPS, VPN, virtual systems, high availability, ClusterXL, and Check Point 2012 appliances.
  • Check Point Firewall Technology (VPN-1 NGX) running on Check Point Appliances was awarded a Common Criteria Evaluation Assurance Level (EAL) 4 augmented with AVA_VLA.3 (Medium Robustness) and ALC_FLR.3 (Flaw Remediation) by NIAP-CCEVS. This certification level confirms that the Check Point Security Gateways withstood penetration testing to an attacker possessing moderate attack potential
    • Protection Profile Identifiers:
      • US Department of Defense Application-Level Firewall Protection Profile for Medium Robustness Environments, Version 1.0 (Archived)
      • US Department of Defense Traffic-Filter Firewall Protection Profile for Medium Robustness Environments, Version 1.4 (Archived)
      • Intrusion Detection System Protection Profile, Version 1.6, dated April 4, 2006 (Archived)
    • EAL4+ Certificate
    • EAL4+ Certificate
  • Endpoint Security Full Disk Encryption, Pointsec PC 6.3.1 is certified at EAL4
  • Check Point Endpoint Security Media Encryption is certified at EAL4
  • Integrity 6.5 Agent is certified at EAL4 with ALC_FLR.2, AVA_VLA.3
  • NFR Sentivist™ (now Check Point IPS-1™) is certified at EAL2, conformant to the US government IDS/IPS Protection Profile

Try it now

Talk to a specialist

Get pricing

This website uses cookies to ensure you get the best experience. Got it, Thanks! MORE INFO