Check Point products consistently meet and exceed the stringent requirements established by internationally recognized standards, approval processes and independent security industry tests. That’s why Check Point solutions are essential for agencies and companies tasked with maintaining the highest level of security and confidentiality. The following list summarizes third-party certifications received by Check Point products. If your organization requires additional certifications not listed here, please contact us to learn more about certification for Check Point solutions.

NIAPC (NATO Information Assurance Product Catalogue)

Check Point Software Technologies Ltd. Security Appliances R77.30 is now listed on the NATO Approved products list as follows:

Manufacturer : Check Point Software Technologies Inc.
Categories: VPN (Virtual Private Network), Firewall and Mailguard
Security Mechanism Groups: Boundary Protection Devices and Systems, Cryptography, Identity Management and Access Protection, Interruptibility and Availability
Classification: NATO RESTRICTED
Country: United States

Defense Information Systems Agency, Department of Defense (DISA)

Certification of the FW, VPN, IDS and IPS are to DoD requirements. Security Gateway has attained a listing on the DoD Approved Product List (APL) having successfully completed Interoperability (IO) and Information Assurance(IA) certification requirements for use on US Department of Defense Networks.
Products listed on the DISA Approved Product List (APL) are allowed for use over all DOD network infrastructures. Certified appliance series include the 4000, 5000, 15000 and 23000 Series.

Note that while the listing says R77, testing was performed on R77.30 as the “.30” is regarded as a maintenance update.

The certification process is conducted by the Defense Information Systems Agency (DISA) Unified Capabilities Connection Office (UCCO).

NSA (National Security Agency) | CSS (Central Security Service)

NSA/CSS’s Commercial Solutions for Classified (CSfC) Program has been established to enable commercial products to be used in layered solutions protecting classified NSS data. This will provide the ability to securely communicate based on commercial standards in a solution that can be fielded in months, not years.

Check Point Security Gateway R77.30 is now listed on the NSA CSfC APL.

Common Criteria
Common Criteria

Common Criteria is an internationally recognized standard and an ISO standard (ISO-IEC15408) for evaluating the security claims of IT products and systems. Certification provides customers with a higher level of assurance that the security of a product as evaluated meets the standards for security requirements.

Check Point has certified its Security Gateway and Management products to EAL4+ and later to the most current Protection Profiles. Customers can take much assurance from the evaluated configurations with the knowledge that the core technology has been independently verified for its claimed functionality and for interoperability.

  • Security Appliances R77.30 NIAP-CCEVS awarded this certificate with a full claim for compliance to 3 Protection Profiles modified to the even more stringent standards of the NSA commercial solutions to protect classified networks (CSFC) that qualifies the Check Point solution to protect US Government CLASSIFIED networks:
    • Network Devices, Version 1.1 (with Errata #3), 8 June 2012 (NDPP11e3) with the following two extended packages:
    • Network Device Protection Profile Extended Package Stateful Traffic Filter Firewall, Version 1.0, 19 December 2011 (FW)
    • Network Device Protection Profile Extended Package VPN Gateway, Version 1.1, 15 April 2013(VPN) as amended by CSfC Selections for VPN Gateways
    • Certificate
  • Check Point Security Appliances with Security Management and Security Gateway R77 on GAiA R77 extends the claims made in R7x and VSX(both awarded in 2012) and includes FIPS compliant cryptography, VSX, GAIA, IPS, Acceleration, HTTPS inspection, and 2012appliances, Smart-1, IAS, IP, Power-1 andUTM-1. Click here for additional details.
  • Endpoint Security E80.30 certified at Evaluation Assurance Level (EAL) 2 augmented with ALC_FLR.3 (Flaw Remediation). Certification claims includes Full Disk Encryption Blade, Media Encryption & Port Protection Blade, Firewall & Application Control Blades, Compliance Blade and VPN Blade.
  • Check Point Software Blades R7x awarded EAL4 with claim to 3 US Government Protection Profiles (application level firewall, traffic filter firewall, IPS. Certification Target of Evaluation (TOE) included Cluster and acceleration, FIPS compliant cryptography, and 3 tier architecture. All 2012 hardware and IAS appliances are included in the TOE.
  • Check Point VSX R67 in combination with Check Point Provider-1 R71 is certified at Evaluation Assurance Level (EAL) 4 augmented with ALC_FLR.3 (Flaw Remediation). Certification claim includes firewall, IPS, VPN, virtual systems, high availability and ClusterXL, and Check Point 2012 appliances.
  • Check Point Firewall Technology (VPN-1 NGX) running on Check Point Appliances was awarded a Common Criteria Evaluation Assurance Level (EAL) 4 augmented with AVA_VLA.3 (Medium Robustness) and ALC_FLR.3 (Flaw Remediation)by NIAP-CCEVS. This certification level confirms that the Check Point Security Gateways withstood penetration testing to an attacker possessing moderate attack potential.
    • Protection Profile Identifiers:
      • US Department of Defense Application-Level Firewall Protection Profile for Medium Robustness Environments, Version 1.0 (Archived)
      • US Department of Defense Traffic-Filter Firewall Protection Profile for Medium Robustness Environments, Version 1.4 (Archived)
      • Intrusion Detection System Protection Profile, Version 1.6, dated April 4, 2006 (Archived)
  • Endpoint Security Full Disk Encryption, Pointsec PC 6.3.1 is certified at EAL4
  • Check Point Endpoint Security Media Encryption is certified at EAL4
  • Integrity 6.5 Agent Is certified at EAL4 with ALC_FLR.2, AVA_VLA.3
  • NFR Sentivist™ (now Check Point IPS-1™) Is certified at EAL2, conformant to the US government IDS/IPS Protection Profile
Federal Information Processing Standard (FIPS)

Federal Information Processing Standard (FIPS)140-2 defines security requirements for cryptographic modules for US government National Security Telecommunications and Information Systems. Security Policy (NSTISSP) #11.

Network Security Products

Check Point Cryptographic Library was awarded FIPS 140-2 certificate #2995

Algorithm TypeAlgorithmCAVP Certificate NumberNotes
Symmetric keyAES#3418AES with 128-bit or 256-bit keys using CBC and GCM modes.
Triple-DES#1929Three-key Triple-DES (168-bit keys). CBC mode. Triple-DES key-wrapping. Key establishment methodology provides 112 bits of encryption strength.
Asymmetric KeyRSA#1750Key generation.
Signature generation (2048-bit/3072-bit with either SHA-256, SHA-384 or SHA-512).
Signature verification. (1024-bit/2048-bit signature verification with either SHA-1, SHA-256, SHA-384 or SHA-512).
ECDSA#685Supports P-256, P-384, and P-521 curves.
HashingSHS#2824SHA-1 (disallowed for signature generation), SHA-224, SHA-256, SHA-384, SHA-512.
Message Authentication CodeHMAC#2176HMAC-SHA-1,
Random number generatorHash DRBG
and Entropy source
#823Hash DRBG with SHA-256 and a seed length of 440 bits in accordance with SP800-90.


CryptoCore V2.0 is certified for Windows 7 and OS X10.7 32/64 bit inc. AES-NI with certificate 1959 FDE 7.5 and E80.40 use the certified module and commence support for Windows 8 with UEFI.

CryptoCore 2.0 (16 bit preboot for FDE)

  • The Security Gateway with firewall and VPN Software Blades certificate 1977 is certified to FIPS 140-2
  • Security Management is certified with certificate 1978
  • VSX is certified with certificate 1976
  • Provider-1 is certified with certificate 1979
  • Check Point IP Appliance 1551 1552
  • Connectra 1474
  • FDE CryptoCore: Commencing from FDE 7.5 and Endpoint E80.40 we include 2 certificates (the 1st for pre-boot and the 2nd for Windows and OS X in both 32 and 64 bit:
    • CryptoCore 2.0 (16 bit preboot for FDE) 1997
    • CryptoCore V2.0 is certified for Windows 7 and OS X 10.7 32/64 bit inc. AES-NI with certificate 1959 FDE 7.5 and E80.40 use the certified module and commences support for Windows 7 with UEFI.
    • Check Point Full Disk Encryption for Symbian9 770
    • Check Point Media Encryption 784
    • Pointsec Mobile 1100

CryptoCore V4.0 is certified for

NOTE: PAA = Processor Algorithm Accelerator , which in practice is AES-NI

CESG NCSC Cyber Essentials Plus Logo

Check Point received two ‘CESG NCSC Cyber Essentials Plus’ awards under the British Government’s Cyber Essentials Accreditation Scheme.

Launched in 2014, the Cyber Essentials Scheme serves as part of the National Cyber Security Strategy to help British organizations bolster their defenses against cyber-attack.

Meeting the criteria

The CESG NCSC Cyber Essentials Plus accreditation offers a higher level of assurance by externally testing an organisation’s cyber security approach with an in-depth analysis of the information systems.


The UK CESG has awarded Check Point its CPA certification for Security Appliances in the categories of:


The CESG CCTM scheme verifies the claims security vendors make for their solutions for data confidentiality, integrity and availability in the modern government IT environment. Its test methodology is uniformly applied to all candidate products and services to ensure that certification provides a consistent and objective quality benchmark for network managers and purchasers. It is operated by CESG, theInformation Assurance arm of the GovernmentCommunications Headquarters (GCHQ). More information is available at

Check Point has certified through the CESG CCTM:

  • UTM-1 Edge W
  • Endpoint Media Encryption
  • Endpoint Full Disk Encryption
  • Pointsec for Pocket PC
  • Pointsec for PC Enterprise Workplace Edition
IPV6 Ready

Certified to include IPv6 mandatory core protocols and interoperability with other IPv6implementations.

ICSA labs - IPSec
ICSA - Firewall Corporate

Independent testing and certifications for Firewall and IPSec, including the security functions of data source authentication, data integrity and confidentiality.

VPNC CertifiedVPNC CertifiedVPNC Certified
  • VPN-1 NGX and UTM-1 have passed IPSec conformance testing
  • Connectra has passed SSL VPN conformance testing
NSS Labs Recommend

Leading independent security products testing organization evaluating performance, security effectiveness and usability. (FW, NGFW, IPS)

Check Point actively participates in NSS Labs tests, excelling in the industry’s most comprehensive third-party firewall, NGFW and intrusion prevention (IPS) group testing to date.

  • NGIPS Recommended – Nov 2017
    99.52% Exploit Block Rate Score! 5th IPS Recommended, 16th since 2011.
  • BDS Recommended – Oct 2017
    99.7% Breach Detection Score! 3rd BDS Recommended, 15th since 2011.
  • NGFW Recommended – June 2017
    99.86% Exploit Security Score! 6th NGFW Recommended, 14th since 2011.
  • NGIPS Recommended – Oct 2016
    Leading Overall Security Effectiveness (99.9%) and TCO!
  • BDS Recommended – Aug 2016
    2nd BDS Recommended! 100% Evasion Resistant!
  • NGFW Recommended – Feb 2016
    99.8% Security Score! 5th NGFW Recommended and 11th NSS Recommended since 2011!
  • BDS Recommended – Aug 2015
    Leading Security Effectiveness and TCO!
  • NGFW Recommended – Sept 2014
    4th NGFW Recommended and 9th NSS Recommended since 2011!
  • IPS Recommended – Nov 2013
    100% Mgt score; Best annual Mgt/Labor Cost (Upkeep / Tuning)!
  • NGFW Recommended – Feb 2013
    Best Security + Management Score of 98.5%!
  • IPS Individual Test – Feb 2013*
    6100 IPS Security Score of 99%! 26.5G IPS
  • FW Recommended – Jan 2013
    Best Security + Management score of 100%!
  • IPS Recommended – July 2012
    Leading integrated IPS Security Score of 98.7%!
  • NGFW Recommended – Jan 2012
    Continued NGFW Leadership and Excellence!
  • FW Recommended – April 2011
    Only vendor to pass the initial test!
  • NGFW Recommended – April 2011
    World’s first NSS Recommended NGFW!
  • IPS Recommended – Jan 2011
    Best integrated IPS Security Score of 97.3%!

*Individual product test. NSS award “Recommended” only in Group Tests.


Check Point Full Disk Encryption is certified to meet the security needs of the financial services industry.

Section 508

Section 508 of the United States Rehabilitation Act of 1973 mandates that Federal agencies acquire products which enable people with disabilities to have access to information and data in a way that is comparable to the access and use experienced by people without disabilities.

VPN-1 NG FP-1 complies with Section 508, and is compatible with assistive technology.

Euro Symbol

Eventia Reporter, where accounting functions are utilized, implements the concept of ‘units’ in place of any specific currency. Since neither the EURO nor any other monetary symbol appears in our software products, Check Point therefore states that it is in EURO symbol compliance.