What is a Common Criteria Certification?
Check Point R80.30 has been awarded 2 Common Criteria certificates proving that is compliant to both EAL at level 4+ and for cPP for 3 Protection Profiles. The certifications provide independent validation of the R80.30 network security management and security management and security gateway products, and demonstrate its robustness having successfully completed independent feature and interoperability testing, penetration testing, and vulnerability analysis.
Check Point Common Certification, Current Certifications
The Netherlands EAL4+
Check Point R80.30 Firmware for Security Gateway Appliances with Firewall, IPS Blade Pattern Matcher, and Security Management Server. The certification is at EAL4 augmented with ALC_FLR.1 (EAL4+) Target of Evaluation (TOE) includes:
- Firewall
- IPS Blade Pattern Matcher
- REST API
- Enterprise appliances, TE appliances, Smart-1, CloudGuard
The certificate, up to EAL4, has international recognition through the SOGIS Mutual Recognition Agreement (MRA).
The USA NIAP-CCEVS cPP
Check Point R80.30 Security Gateway Appliances is certified by NIAP-CCEVS as conformant to 3 community Protection Profiles (cPP):
- Network Device Version 2.0 + Errata 20180314 (NDcPP)
- Stateful Traffic Filter Firewalls Version 2.0 + Errata 2018314
- Extended Package for VPN Gateways Version 2.1
Target of Evaluation (TOE) includes:
- SmartConsole, Smart-1, enterprise appliances, Threat Emulation appliances and CloudGuard
The certification is compliant to the extended requirements of the NSA Commercial Solutions for Classified (CSfC). The certificate has international recognition through Common Criteria Recognition Arrangement (CCRA).
Check Point Common Criteria Certification Historical Record
- Security Appliances R77.30 NIAP-CCEVS awarded this certificate with a full claim for compliance to 3 Protection Profiles modified to the even more stringent standards of the NSA commercial solutions to protect classified networks (CSfC) that qualifies the Check Point solution to protect US Government CLASSIFIED networks:
- Network Devices, Version 1.1 (with Errata #3), 8 June 2012 (NDPP11e3) with the following two extended packages:
- Network Device Protection Profile Extended Package Stateful Traffic Filter Firewall, Version 1.0, 19 December 2011 (FW)
- Network Device Protection Profile Extended Package VPN Gateway, Version 1.1, 15 April 2013 (VPN) as amended by CSfC Selections for VPN Gateways
- Certificate
- Check Point Security Appliances with Security Management and Security Gateway R77 on GAiA r77 extends the claims made in R7x and VSX (both awarded in 2012) and includes FIPS compliant cryptography, VSX, GAiA, IPS, Acceleration, HTTPS inspection, and 2012 appliances, Smart-1, IAS, IP, Power-1 and UTM-1.
- Endpoint Security E80.30 certified at Evaluation Assurance Level (EAL) 2 augmented with ALC_FLR.3 (Flaw Remediation). Certification claims includes Full Disk Encryption Blade, Media Encryption & Port Protection Blade, Firewall & Application Control Blades, Compliance Blade and VPN Blade.
- Check Point Software Blades R7x awarded EAL4 with claim to 3 US Government Protection Profiles (application level firewall, traffic filter firewall, IPS). Certification Target of Evaluation (TOE) included Cluster and acceleration, FIPS compliant cryptography, and 3 tier architecture. All 2012 hardware and IAS appliances are included in the TOE.
- Check Point VSX R67 in combination with Check Point Provider-1 R71 is certified at Evaluation Assurance Level (EAL) 4 augmented with ALC_FLR.3 (Flaw Remediation). Certification claim includes firewall, IPS, VPN, virtual systems, high availability, ClusterXL, and Check Point 2012 appliances.
- Check Point Firewall Technology (VPN-1 NGX) running on Check Point Appliances was awarded a Common Criteria Evaluation Assurance Level (EAL) 4 augmented with AVA_VLA.3 (Medium Robustness) and ALC_FLR.3 (Flaw Remediation) by NIAP-CCEVS. This certification level confirms that the Check Point Security Gateways withstood penetration testing to an attacker possessing moderate attack potential
- Protection Profile Identifiers:
- US Department of Defense Application-Level Firewall Protection Profile for Medium Robustness Environments, Version 1.0 (Archived)
- US Department of Defense Traffic-Filter Firewall Protection Profile for Medium Robustness Environments, Version 1.4 (Archived)
- Intrusion Detection System Protection Profile, Version 1.6, dated April 4, 2006 (Archived)
- EAL4+ Certificate
- EAL4+ Certificate
- Protection Profile Identifiers:
- Endpoint Security Full Disk Encryption, Pointsec PC 6.3.1 is certified at EAL4
- Check Point Endpoint Security Media Encryption is certified at EAL4
- Integrity 6.5 Agent is certified at EAL4 with ALC_FLR.2, AVA_VLA.3
- NFR Sentivist™ (now Check Point IPS-1™) is certified at EAL2, conformant to the US government IDS/IPS Protection Profile
Feedback