NIAP: Compliant Product
  NIAP  »»  Product Compliant List  »»  Compliant Product  
Compliant Product - Pulse Connect Secure 8.2 on Virtual Appliance and Pulse Policy Secure 5.3 on Virtual Appliance

Certificate Date:  2018.04.05

Validation Report Number:  CCEVS-VR-VID10829-2018

Product Type:    Network Device

Conformance Claim:  Protection Profile Compliant

PP Identifier:    collaborative Protection Profile for Network Devices Version 1.0

CC Testing Lab:  Acumen Security

CC Certificate [PDF] Security Target [PDF] Validation Report [PDF]

Assurance Activity [PDF]

Administrative Guide [PDF]

Product Description

The TOE is classified as a virtualized network device (a Virtual Appliance that can be connected to a network). The Virtual Appliance consists of Pulse Connect Secure (PCS) 8.2 and Pulse Policy Secure (PPS) 5.3. The appliance’s software is built on IVE OS 2.0. The TOE consists of the Virtual Appliance, the VM hypervisor and the hardware platform all of which are delivered with the TOE. Thus, the TOE is considered to be a network device as defined in NDcPP v1.0 modified by TDs #0096 and #0023.

Evaluated Configuration

Security Evaluation Summary

The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme. The criteria against which the PulseSecure Virtual Appliance was evaluated are described in the Common Criteria for Information Technology Security Evaluation, Version 3.1 rev 4.  The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 3.1 rev 4.  Acumen Security determined that the evaluation assurance level (EAL) for the product is EAL 1.  The product, when delivered and configured as identified in the Operational User Guidance and Preparative Procedures, satisfies all of the security functional requirements stated in the Security Target. The project underwent CCEVS Validator review.  The evaluation was completed in April 2018.  Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report prepared by CCEVS.

Environmental Strengths

The logical boundary of the TOE includes those security functions implemented exclusively by the TOE.


The TOE generates audit records for security relevant events. The TOE maintains a local audit log as well as sending the audit records to a remote Syslog server. Audit records sent to the remote server are protected by a TLS connection. Each audit record includes identity (username, IP address, or process), date and time of the event, type of event, and the outcome of the event. The TOE prevents modification to the local audit log.

Cryptographic Operations

The TOE implements CAVP validated cryptographic algorithms for random bit generation, encryption/decryption, authentication, and integrity protection/verification. These algorithms are used to provide security for the TLS and HTTPs connections as well as verifying firmware updates.

Identification and Authentication

The TOE authenticates administrative users using a username/password or username/X.509 certificate combination. The TOE does not allow access to any administrative functions prior to successful authentication.

The TOE supports passwords consisting of alphanumeric and special characters and enforces minimum password lengths. The TSF supports and certificates using RSA or ECDSA signature algorithms.

The TOE allows only users to view the login warning banner and send/receive ICMP packets prior to authentication.

Security Management

The TOE allows users with the Security Administrator role to administer the TOE over a remote web UI or a local CLI. These interfaces do not allow the Security Administrator to execute arbitrary commands or executables on the TOE.

The TOE can also receive configuration updates from a Pulse One management server.

Protection of the TSF

The TOE implements a number of self-protection mechanisms. It does not provide an interface for the reading of secret or private keys. The TOE ensures timestamps, timeouts, and certificate checks are accurate by maintaining a real-time clock as well as polling an NTP server to minimize drift. Upon startup, the TOE runs a suite of self-tests to verify that it is operating correctly. The TOE also verifies the integrity and authenticity of firmware updates by verifying a digital signature of the update prior to installing it.

TOE Access

The TOE can be configured to display a warning and consent banner when an administrator attempts to establish an interactive session over the local CLI or remote web UI. The TOE also enforces a configurable inactivity timeout for remote and local administrative sessions.

Trusted Path/Channels

The TOE uses TLS to provide a trusted communication channel between itself and remote Syslog servers. The trusted channels utilize X.509 certificates to perform mutual authentication. The trusted channel with the Pulse One server utilizes HAWK authentication to perform mutual authentication. The TOE initiates the TLS trusted channel with both types of remote server.

The TOE uses HTTPs/TLS to provide a trusted path between itself and remote administrative users. The TOE does not implement any additional methods of remote administration. The remote administrative users are responsible for initiating the trusted path when they wish to communicate with the TOE.

Unevaluated Functionality

The TOE includes the following functionality that is not covered this Security Target and the associated evaluation:

             Layer 3 SSL VPN

             Application VPN

             Endpoint Integrity and Assessment

             Layer 7 Web single sign-on (SSO) via SAML

             Mobile Device Management Integration

             Network Security and Application Access Control Integration


             Guest Access

             Anti-Malware Protection and Patch Assessment

             Firewall Listening Service

These features may be used in the evaluated configuration; however, no assurance as to the correct operation of these features is provided.

Excluded Functionality

The TOE includes the following functionality that may not be enabled or used in in the CC evaluated configuration:

             DMI Agent

             SNMP Traps

             External Authentication Servers for administrator authentication

Vendor Information

Pulse Secure, LLC
Pulse Secure, LLC
Site Map              Contact Us              Home