What is a Common Criteria Certification?

Common Criteria is an internationally recognized standard and an ISO standard (ISO-IEC15408) for evaluating the security claims of IT products and systems. There are two implementations of the (Common Criteria) standard, community Protection Profile (cPP) and Evaluation Assurance Level (EAL). Each requires a rigorous evaluation to a set of security claims. cPP is a black box prescriptive model with standardized sets of requirements with a focus on conformance to standards, and EAL is a white box model that allows greater scope in defining the set of claims. EAL4 also provides assurance through evaluation of the products design, implementation, company development methodology, internal systems, processes, security systems and architecture and support. The two approaches are complementary, so having cPP and EAL4 provides a higher level of assurance.

Current Common Criteria Certification:

Quantum Smart-1 and Enterprise Firewalls including Maestro

Certification Details

The USA NIAP-CCEVS cPP Certificate:

Check Point R81 Security Gateway and Maestro Hyperscale Appliances R81.00 is certified by NIAP-CCEVS as conformant to 3 community Protection Profiles (cPP):

• Base-PP: collaborative Protection Profile for Network Devices, Version 2.2e, 23 March 2020
  (cPP_ND_v2.2e)
• PP-Module: PP-Module for Virtual Private Network (VPN) Gateways, 1.1, 18 June 2020
  (MOD_VPNGW_v1.1)
• PP-Module: PP-Module for Stateful Traffic Filter Firewalls, Version 1.4e, 25 June 2020
  (MOD_cPP_FW_v1.4e)

Target of Evaluation (TOE) includes:

• SmartConsole, Smart-1, Quantum enterprise appliances including Maestro, and CloudGuard Network
• The certification is listed on the NSA Commercial Solutions for Classified (CSfC) which qualifies U.S. Government agencies for using it to protect classified data.
• The certificate also has international recognition through Common Criteria Recognition Arrangement (CCRA).

The Netherlands NSCIB EAL4+ certificate TOE summary:

The Target of Evaluation (TOE) is Check Point R81.10 for Gateway and Maestro Configurations.
The TOE is a combination of the firmware for Security Gateway Module(s), a Security Management Server and (when deployed in Scalable Platform configuration) the firmware for the Maestro Orchestrator appliance(s):

• The Security Gateway Module (SGM) is a managed packet filtering firewall application, with IPS pattern matching (software) blade. The TOE provides controlled connectivity between two or more network environments. It mediates information flows between clients and servers located on internal and external networks governed by the firewalls. The SGM can either be deployed using instances of a single Security Gateway appliance, which incorporates the SGM or a combination of Security Gateway Modules (SGM) operating in a cluster as part of a Scalable Platform (SP).
• The Security Management Server is used to manage and deploy the security policies and rules to SGM.
• When operating as part of a Scalable Platform (SP), the Orchestrator appliance provides load-balancing services for the SGMs.

Check Point Certification Historical Record

Check Point R80.30 with claimed compliance to three NIAP approved Protection Profiles
Certificate

Check Point R80.30 at EAL4+
Certificate

Check Point R77.30
Certificate

Check Point R77 with VSX
EAL4+ Certificate

Check Point Endpoint Security E80.30
EAL2+ Certificate

Check Point Firewall Technology (VPN-1 NGX)
augmented with AVA_VLA.3 (Medium Robustness) and ALC_FLR.3 (Flaw Remediation) by NIAP-CCEVS

EAL4+ Certificate
EAL4+ Certificate (with Check Point IP appliances)

Endpoint Security Full Disk Encryption, Pointsec PC 6.3.1 is certified at EAL4

Check Point Endpoint Security Media Encryption is certified at EAL4

Integrity 6.5 Agent is certified at EAL4 with ALC_FLR.2, AVA_VLA.3

NFR Sentivist™ (now Check Point IPS-1™) is certified at EAL2, conformant to the US government IDS/IPS Protection Profile

Try it Now

FREE DEMO

Talk to a Specialist

FIND A PARTNER

Get Pricing

CONTACT SALES