Check Point products consistently meet and exceed the stringent requirements established by internationally recognized standards, approval processes and independent security industry tests. That’s why Check Point solutions are essential for agencies and companies tasked with maintaining the highest level of security and confidentiality. The following list summarizes third-party certifications received by Check Point products. If your organization requires additional certifications not listed here, please contact us to learn more about certification for Check Point solutions.
- Protection Profile Identifiers:
- US Department of Defense Application-Level Firewall Protection Profile for Medium Robustness Environments, Version 1.0 (Archived)
- US Department of Defense Traffic-Filter Firewall Protection Profile for Medium Robustness Environments, Version 1.4 (Archived)
- Intrusion Detection System Protection Profile, Version 1.6, dated April 4, 2006 (Archived)
Full Security Gateway certification details are listed on the NIAP-CCEVS Product compliance list.
- Security Appliances R77.30 NIAP-CCEVS awarded this certificate with a full claim for compliance to 3 Protection Profiles modified to the even more stringent standards of the NSA commercial solutions to protect classified networks (CSFC) that qualifies the Check Point solution to protect US Government CLASSIFIED networks:
- Network Devices, Version 1.1 (with Errata #3), 8 June 2012 (NDPP11e3) with the following two extended packages:
- Network Device Protection Profile Extended Package Stateful Traffic Filter Firewall, Version 1.0, 19 December 2011 (FW)
- Network Device Protection Profile Extended Package VPN Gateway, Version 1.1, 15 April 2013(VPN) as amended by CSfC Selections for VPN Gateways
- Check Point Security Appliances with Security Management and Security Gateway R77 on GAiA R77 extends the claims made in R7x and VSX(both awarded in 2012) and includes FIPS compliant cryptography, VSX, GAIA, IPS, Acceleration, HTTPS inspection, and 2012appliances, Smart-1, IAS, IP, Power-1 andUTM-1. Click here for additional details.
- Endpoint Security E80.30 certified at Evaluation Assurance Level (EAL) 2 augmented with ALC_FLR.3 (Flaw Remediation). Certification claims includes Full Disk Encryption Blade, Media Encryption & Port Protection Blade, Firewall & Application Control Blades, Compliance Blade and VPN Blade.
- Check Point Software Blades R7x awarded EAL4 with claim to 3 US Government Protection Profiles (application level firewall, traffic filter firewall, IPS. Certification Target of Evaluation (TOE) included Cluster and acceleration, FIPS compliant cryptography, and 3 tier architecture. All 2012 hardware and IAS appliances are included in the TOE.
- Check Point VSX R67 in combination with Check Point Provider-1 R71 is certified at Evaluation Assurance Level (EAL) 4 augmented with ALC_FLR.3 (Flaw Remediation). Certification claim includes firewall, IPS, VPN, virtual systems, high availability and ClusterXL, and Check Point 2012 appliances.
Check Point Firewall Technology (VPN-1 NGX) running on Check Point Appliances was awarded a Common Criteria Evaluation Assurance Level (EAL) 4 augmented with AVA_VLA.3 (Medium Robustness) and ALC_FLR.3 (Flaw Remediation)by NIAP-CCEVS. This certification level confirms that the Check Point Security Gateways withstood penetration testing to an attacker possessing moderate attack potential. Check Point appliances were shown to meet and exceed the requirements of two U.S. DoD Medium Robustness Protection Profiles, for proxy and traffic filtering firewalls. In addition, the products meet the requirements of the NSA System Protection Profile for an Intrusion Detection System (IDSSPP). The IDSSPP provides a level of protection appropriate for IT environments that require detection of malicious and inadvertent attempts to gain inappropriate access to IT resources.
VPN-1 conforms to the Intrusion Detection System Protection Profile, March 9, 2005 and meets the functional requirements of the Application-Layer Firewall Medium Robustness V1, June 2000, and the Traffic-Filter Firewall Protection Profile for Medium Robustness Environments, V1.4 June 2000.
- Endpoint Security Full Disk Encryption , Pointsec PC 6.3.1 is certified at EAL4
- Check Point Endpoint Security Media Encryption is certified at EAL4
- Integrity 6.5 Agent Is certified at EAL4 with ALC_FLR.2, AVA_VLA.3
- NFR Sentivist ™ (now Check Point IPS-1™) Is certified at EAL2, conformant to the US government IDS/IPS Protection Profile
Federal Information Processing Standard (FIPS)140-2 defines security requirements for cryptographic modules for US government National Security Telecommunications and Information Systems. Security Policy (NSTISSP) #11.
Network Security Products
- AES: #3418
- TDES: #1929
- RSA: #1750
- ECDSA: #685
- DRBG: #823
- HMAC: #2176
- Component Test: #514 (IKEv1, IKEv2, TLS)
CryptoCore V2.0 is certified for Windows 7 and OS X10.7 32/64 bit inc. AES-NI with certificate 1959 FDE 7.5 and E80.40 use the certified module and commence support for Windows 8 with UEFI.
- The Security Gateway with firewall and VPN Software Blades certificate 1977 is certified to FIPS 140-2
- Security Management is certified with certificate 1978
- VSX is certified with certificate1976
- Provider-1 is certified with certificate 1979
- Check Point IP Appliance 1551 1552
- Connectra 1474
- FDE CryptoCore: Commencing from FDE 7.5 and Endpoint E80.40 we include 2 certificates (the 1st for pre-boot and the 2nd for Windows and OS X in both 32 and 64 bit:
- CryptoCore 2.0 (16 bit preboot for FDE) 1997
- CryptoCore V2.0 is certified for Windows 7 and OS X 10.7 32/64 bit inc. AES-NI with certificate 1959 FDE 7.5 and E80.40 use the certified module and commences support for Windows 7 with UEFI.
- Check Point Full Disk Encryption for Symbian9 770
- Check Point Media Encryption 784
- Pointsec Mobile 1100
CryptoCore V4.0 is certified for
- UTM-1 Edge W
- Endpoint Media Encryption
- Endpoint Full Disk Encryption
- Pointsec for Pocket PC
- Pointsec for PC Enterprise Workplace Edition
- Check PointSoftware Blades R75.40 on GAiAwas awarded the IPv6 Ready Phase 2 logo and was additionally accredited as passing the IPv6 Firewall testing for this version
- Check Point Software Blades R7x passed IPv6 certification against the US Government IPv6 profile in the Network Protection Device(NPD)and Router categories for IPSec, IKE, ESP and Firewall. R7x is now listed on the University of New Hampshire Web.
- Security Gateway R77 is IPsec certified to ICSA IPsec 1.3 enhanced criteria
- Security Gateway R77 is certified to ICSA corporate firewall criteria
- UTM-1 Edge W is certified to ICSA corporate firewall criteria
- 2015 NSS Breach Detection Systems (BDS) Test – NSS Labs Recommended
- 2013 Next Generation Firewall (NGFW) Test – NSS Labs Recommended
- 2013 Intrusion Prevention System (IPS)Test – NSS Labs Recommended
- 2013 Firewall Test – NSS Labs Recommended
- 2012 IPS Group Test – NSS Labs Recommended
- 2011 Firewall Group Test – NSS Labs Recommended
- 2011 NGFW Test – NSS Labs Recommended
- 2010 IPS Group Test – NSS Labs Recommended