Archived U.S. Government Approved Protection Profile - U.S. Government Protection Profile for Traffic Filter Firewall in Basic Robustness Environments Version 1.1
Short Name: pp_fw_tf_br_v1.1
Technology Type: Firewall
CC Version: 3.1
Date: 25 July 2007
Preceded By: pp_fw_tf_lr_v1.1
Sunset Date:
01 June 2011
![[Sunset Icon]](/assets/images/pp-icon-sunset.gif "[Sunset Icon]"){kind=icon}
Conformance Claim: EAL2 Augmented
![[PDF]](/assets/images/icon_pdf.gif "[PDF]"){kind=icon}
Please note: This serves as an addendum to the VR for the Original Evaluated PP
PP OVERVIEW
Herewith a brief summary, sufficiently detailed to enable a potential user to determine whether the PP is of interest.
This traffic-filter firewall Protection Profile defines the minimum security requirements for firewalls used by U.S Government organizations handling unclassified information in a low-risk environment. Firewalls may consist of one or more devices that act as part of an organization’s overall security defense by isolating an organization’s internal network from the Internet or other external networks. Firewalls pass and block information flows based on a set of screening rules defined by an authorized administrator. This Protection Profile applies to firewalls that are capable of screening network traffic at the network and transport protocol levels, authenticating the authorized administrator for actions at the firewall, and auditing security-relevant events that occur.
ASSURANCE MAINTENANCE
July 25, 2007 – Assurance maintenance has been performed on this protection profile to update it to the common criteria version 3.1. This update caused a change in version number (from 1.0 to 1.1) that indicates an update has occurred. The updates included revisions based on the assurance requirements of the CC 3.1, removal of FPT_SEP and FPT_RVM since it is now covered by ADV_ARC and replacement of Explicitly stated requirements with Extended requirements (only the nomenclature changed and not the requirements.) Cryptographic functional requirements were also revised to reflect the latest updated standards.
Assigned to the following Validated Products
- VID10387 – Check Point Software Blades R7x
- VID10375 – Check Point VSX R67 with Provider-1 R71
- VID10429 – Cisco 5940 Series Embedded Services Router
- VID10425 – Cisco Integrated Service Routers (ISR): Cisco 800 Series ISRs: 881, 881G and 891; Cisco 1900 Series ISRs: 1905, 1921, and 1941; Cisco 2900 Series ISRs: 2901, 2911, 2921 and 2951; Cisco 3900 Series ISRs: 3925, 3925E, 3945 and 3945E; running IOS 15.1.2T3
- VID10470 – Hewlett-Packard Networking A-Series Routers: MSR30, MSR50, 6600, and 8800
- VID10468 – Hewlett-Packard Networking A-Series Switches with VPN Firewall Module: 12500, 9500 and 7500
- VID10452 – Juniper Networks Security Appliances: ISG 1000, ISG2000, NetScreen 5200, NetScreen 5400, SSG5, SSG20, SSG140, SSG320M, SSG350M, SSG520M and SSG550M with ScreenOS Version 6.3
- VID10330 – Palo Alto Networks Inc. PA-2000 Series and PA-4000 Series Firewall
Please forward any questions or comments to pp-comments@niap-ccevs.org
SEARCH CCEVS
Announcements
Quick Links
» Product Compliant ListAvailable products to assist in making a more secure infrastructure.
» Approved Protection ProfilesApproved protection profiles for use by vendors.
» NIAP Technical CommunitiesNIAP Technical Communities are key to the development of new Protection Profiles.
» Find an Accredited LabFind a lab to evaluate your product.
» NIAP FAQsFind answers to commonly asked questions.
» Getting AccreditedHow to become an NVLAP Accredited Lab.
