What is a Common Criteria Certification?

Common Criteria is an internationally recognized standard and an ISO standard (ISO-IEC15408) for evaluating the security claims of IT products and systems. There are two implementations of the (Common Criteria) standard, community Protection Profile (cPP) and Evaluation Assurance Level (EAL). Each requires a rigorous evaluation to a set of security claims. cPP is a black box prescriptive model with standardized sets of requirements, and EAL is a white box model that allows greater scope in defining the set of claims. EAL4 also provides assurance through evaluation of the products design, implementation, company development methodology, internal systems, processes, security systems and architecture and support.

Check Point R80.30 has been awarded 2 Common Criteria certificates proving that is compliant to both EAL at level 4+ and for cPP for 3 Protection Profiles. The certifications provide independent validation of the R80.30 network security management and security management and security gateway products, and demonstrate its robustness having successfully completed independent feature and interoperability testing, penetration testing, and vulnerability analysis.

Check Point Common Certification, Current Certifications

The Netherlands EAL4+

Check Point R80.30 Firmware for Security Gateway Appliances with Firewall, IPS Blade Pattern Matcher, and Security Management Server. The certification is at EAL4 augmented with ALC_FLR.1 (EAL4+) Target of Evaluation (TOE) includes:

Firewall
IPS Blade Pattern Matcher
REST API
Enterprise appliances, TE appliances, Smart-1, CloudGuard

The certificate, up to EAL4, has international recognition through the SOGIS Mutual Recognition Agreement (MRA).

Download the Certificate

The USA NIAP-CCEVS cPP

Check Point R80.30 Security Gateway Appliances is certified by NIAP-CCEVS as conformant to 3 community Protection Profiles (cPP):

Network Device Version 2.0 + Errata 20180314 (NDcPP)
Stateful Traffic Filter Firewalls Version 2.0 + Errata 2018314
Extended Package for VPN Gateways Version 2.1

Target of Evaluation (TOE) includes:

SmartConsole, Smart-1, enterprise appliances, Threat Emulation appliances and CloudGuard

The certification is compliant to the extended requirements of the NSA Commercial Solutions for Classified (CSfC). The certificate has international recognition through Common Criteria Recognition Arrangement (CCRA).

Download the Certificate

Check Point Common Criteria Certification Historical Record

Security Appliances R77.30 NIAP-CCEVS awarded this certificate with a full claim for compliance to 3 Protection Profiles modified to the even more stringent standards of the NSA commercial solutions to protect classified networks (CSfC) that qualifies the Check Point solution to protect US Government CLASSIFIED networks:
- Network Devices, Version 1.1 (with Errata #3), 8 June 2012 (NDPP11e3) with the following two extended packages:
- Network Device Protection Profile Extended Package Stateful Traffic Filter Firewall, Version 1.0, 19 December 2011 (FW)
- Network Device Protection Profile Extended Package VPN Gateway, Version 1.1, 15 April 2013 (VPN) as amended by CSfC Selections for VPN Gateways
- Certificate
Check Point Security Appliances with Security Management and Security Gateway R77 on GAiA r77 extends the claims made in R7x and VSX (both awarded in 2012) and includes FIPS compliant cryptography, VSX, GAiA, IPS, Acceleration, HTTPS inspection, and 2012 appliances, Smart-1, IAS, IP, Power-1 and UTM-1.
- EAL4+ Certificate
Endpoint Security E80.30 certified at Evaluation Assurance Level (EAL) 2 augmented with ALC_FLR.3 (Flaw Remediation). Certification claims includes Full Disk Encryption Blade, Media Encryption & Port Protection Blade, Firewall & Application Control Blades, Compliance Blade and VPN Blade.
- EAL2+ Certificate
Check Point Software Blades R7x awarded EAL4 with claim to 3 US Government Protection Profiles (application level firewall, traffic filter firewall, IPS). Certification Target of Evaluation (TOE) included Cluster and acceleration, FIPS compliant cryptography, and 3 tier architecture. All 2012 hardware and IAS appliances are included in the TOE.
Check Point VSX R67 in combination with Check Point Provider-1 R71 is certified at Evaluation Assurance Level (EAL) 4 augmented with ALC_FLR.3 (Flaw Remediation). Certification claim includes firewall, IPS, VPN, virtual systems, high availability, ClusterXL, and Check Point 2012 appliances.
Check Point Firewall Technology (VPN-1 NGX) running on Check Point Appliances was awarded a Common Criteria Evaluation Assurance Level (EAL) 4 augmented with AVA_VLA.3 (Medium Robustness) and ALC_FLR.3 (Flaw Remediation) by NIAP-CCEVS. This certification level confirms that the Check Point Security Gateways withstood penetration testing to an attacker possessing moderate attack potential
- Protection Profile Identifiers:
  - US Department of Defense Application-Level Firewall Protection Profile for Medium Robustness Environments, Version 1.0 (Archived)
  - US Department of Defense Traffic-Filter Firewall Protection Profile for Medium Robustness Environments, Version 1.4 (Archived)
  - Intrusion Detection System Protection Profile, Version 1.6, dated April 4, 2006 (Archived)
- EAL4+ Certificate
- EAL4+ Certificate
Endpoint Security Full Disk Encryption, Pointsec PC 6.3.1 is certified at EAL4
Check Point Endpoint Security Media Encryption is certified at EAL4
Integrity 6.5 Agent is certified at EAL4 with ALC_FLR.2, AVA_VLA.3
NFR Sentivist™ (now Check Point IPS-1™) is certified at EAL2, conformant to the US government IDS/IPS Protection Profile

Try it now

Talk to a specialist

Get pricing

Additional Resources

Network

Cloud

Mobile

Endpoint

Security Management

Consolidated Security

Business Size

Topic

Industries

Support

Training

Services

Channel Partners

Technology Partners

Partner Portal

Resources

Downloads and Documentation

Cyber Security Insights