Compliant Product - Check Point VSX R67 with Provider-1 R71
Certificate Date: 11 June 2012
Validation Report Number: CCEVS-VR-10375-2012
Product Type: Firewall, IDS/IPS, Security Management, VPN
Conformance Claim: EAL4 Augmented with ALC_FLR.3
U.S. Government Protection Profile for Traffic Filter Firewall in Basic Robustness Environments Version 1.1
U.S. Government Protection Profile Intrusion Detection System - System for Basic Robustness Environments, Version 1.7, dated July 25, 2007
CC Testing Lab: SAIC Common Criteria Testing Laboratory
The TOE is one or more gateway devices managed by a Provider-1 management server, using management GUI interfaces. The product provides controlled connectivity between two or more network environments. It mediates information flows between clients and servers located on internal and external networks governed by the firewalls.
The claimed security functionality described in the Security Target is a subset of the product's full functionality. The evaluated configuration is a subset of the possible configurations of the product, established according to the evaluated configuration guidance.
The security functionality within the scope of the evaluation included traffic filtering, where virtual systems run information flow control programs coded in Check Point’s patented INSPECT language; intrusion detection and prevention (IDS/IPS) integrated with the traffic-filtering functionality, matching traffic with predefined attack signatures, and providing recording, analysis and reaction capabilities; IKE/IPSec and SSL virtual private networking (VPN); network address translation (NAT); centralized security management; auditing; and fault tolerance.
SECURITY EVALUATION SUMMARY
The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme. The evaluation demonstrated that the TOE meets the security requirements contained in the Security Target. The criteria against which the TOE was judged are described in the Common Criteria for Information Technology Security Evaluation, Version 3.1 Revision 3. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 3.1 Revision 3. Science Applications International Corporation (SAIC) determined that the evaluation assurance level (EAL) for the TOE is EAL 4 augmented with ALC_FLR.3. The TOE, configured as specified in the installation guide, satisfies all of the security functional requirements stated in the Security Target. Several validators on behalf of the CCEVS Validation Body monitored the evaluation carried out by SAIC. The evaluation was completed in May 2012. Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report for Check Point VSX prepared by CCEVS.
Check Point VSX R67.10 in combination with Provider-1 R71 with R7x hotfix is a virtualization environment for the implementation of network traffic information flow controls, providing controlled connectivity between two or more network environments. The TOE provides security functionality that includes traffic filtering, intrusion detection and prevention (IDS/IPS), IKE/IPSec and SSL virtual private networking (VPN), and network address translation (NAT), as well as security management, audit and protection of the TSF. Check Point VSX provides a level of protection that is appropriate for IT environments that require that information flows be controlled and restricted among network nodes where the Check Point components can be appropriately protected from physical attacks.