NIAP: Compliant Product
Compliant Product - Cisco Firepower NGIPS/NGIPSv 6.2 with FireSIGHT (FMC) and FMCv 6.2

Certificate Date:  2019.10.10

Validation Report Number:  CCEVS-VR-VID10918-2019

Product Type:  Firewall; Wireless Monitoring

Conformance Claim:  Protection Profile Compliant

PP Identifier:  collaborative Protection Profile for Network Devices Version 2.0 + Errata 20180314; Extended Package for Intrusion Prevention Systems Version 2.11

CC Testing Lab:  Gossamer Security Solutions

CC Certificate [PDF] Security Target [PDF] Validation Report [PDF]

Assurance Activity [PDF]

Administrative Guide [PDF]

Product Description

The Target of Evaluation (TOE) is the Cisco Firepower NGIPS/NGIPSv 6.2 with FireSIGHT (FMC) and FMCv 6.2.

The TOE is an Intrusion Detection and Prevention System consisting of the FMC and Sensors. The FMC provides a centralized management console and event database for the system, and aggregates and correlates intrusion, discovery, and connection data from managed Sensors. Sensors monitor all network traffic for security events and violations, and can alert on and/or block malicious traffic as defined in the intrusion and access control rules. In the evaluated configuration the TOE deploys at least one FMC managing one or more Sensors. Each model of the TOE consists of a set of appliances or virtual appliances that vary primarily in processing power, memory performance, disk space, and port density. The virtual appliances run on the ESXi hypervisor on underlying UCS hardware models, which likewise vary in processing power, memory performance, disk space, and port density.

Evaluated Configuration

The evaluated configuration consists of the following hardware and software:

TOE Configuration: Cisco FirePOWER 7000 Series
  Hardware Configurations: Cisco FirePOWER 7010, 7020, 7030, 7050, 7110, 7115, 7120, 7125
  Description: The Cisco FirePOWER 7000 Series provides high-performance IPS services including up to 12 monitoring interfaces and up to 1.25 Gbps throughput.
  Software Version: NGIPS Release 6.2

TOE Configuration: Cisco FirePOWER 8000 Series
  Hardware Configurations: Cisco FirePOWER 8120, 8130, 8140, 8250, 8260, 8270, 8290, 8350, 8360, 8370, 8390
  Description: The Cisco FirePOWER 8000 Series provides high-performance IPS services including up to 14 monitoring interfaces and up to 60 Gbps throughput.
  Software Version: NGIPS Release 6.2

TOE Configuration: Cisco FirePOWER AMP Series
  Hardware Configurations: Cisco FirePOWER AMP 7150, AMP 8050, AMP 8150, AMP 8350, AMP 8360, AMP 8370, AMP 8390
  Description: The Cisco FirePOWER AMP Series provides high-performance IPS services including up to 28 monitoring interfaces and up to 20 Gbps throughput.
  Software Version: NGIPS Release 6.2

TOE Configuration: Cisco FireSIGHT Series
  Hardware Configurations: (not listed)
  Description: The Cisco FireSIGHT Series provides a centralized management console with up to 4 management interfaces and up to 10 Gbps speed.
  Software Version: FMC Release 6.2

TOE Configuration: Virtual Appliances
  Hardware Configurations: B200-M4, B200-M5, C220-M4S, C220-M5, C240-M5, C240-M4SX, C240-M4L, C460-M4, C480-M5, E140S-M2/k9, E160S-M3, and E180D-M2/K9, running VMware ESXi 5.5 and 6.0.
  Note that the NDcPP requires that no other guest virtual machines be installed on the hypervisor.
  Software Version: FMCv Release 6.2; NGIPSv Release 6.2

Security Evaluation Summary

The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) requirements and guidance. The criteria against which the TOE was judged are described in the Common Criteria for Information Technology Security Evaluation, Version 3.1, Revision 4, September 2012. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Evaluation Methodology, Version 3.1, Revision 4, September 2012. The product, when delivered and configured as identified in the Common Criteria Supplemental User Guide for Cisco Firepower NGIPS and NGIPSv 6.2 with FMC and FMCv 6.2, Version 1.0, September 16, 2019, satisfies all of the security functional requirements stated in the Cisco Firepower NGIPS/NGIPSv 6.2 with FireSIGHT (FMC) and FMCv 6.2 Security Target, Version 1.2, October 8, 2019. The project underwent CCEVS Validator review. The evaluation was completed in September 2019. Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report prepared by CCEVS.

Environmental Strengths

The logical boundaries of the TOE are realized in the security functions that it implements. Each of these security functions is summarized below.

Security audit:

The TOE is designed to generate logs for a wide range of security-relevant events such as login attempts and management functions. The TOE can be configured to store the logs locally so they can be accessed by an administrator, or alternatively to send the logs to an external syslog server over a secure communication channel. The timestamp included in the audit content can be manually set on the FMC/FMCv and is automatically synchronized with the other TOE components.

The TOE allows authorized administrators to control which Sensors are managed by the FMC. This is performed through a registration process over TLS. The administrator can also de-register a Sensor if they opt to no longer manage it through the FMC.

Cryptographic support:

The TOE provides FIPS-certified algorithms to provide key management, random bit generation, encryption/decryption, digital signature and secure hashing and key-hashing features in support of higher level cryptographic protocols including TLS, HTTPS, and SSH.

Identification and authentication:

The TOE requires users (i.e., administrators) to be successfully identified and authenticated before they can access any security management functions available in the TOE. The TOE offers both a locally connected console as well as network accessible interfaces (SSHv2 and HTTPS) for remote interactive administrator sessions.

The TOE supports the local (i.e., on device) definition of administrators with usernames and passwords. All authorized TOE users must have a user account with security attributes that control the user’s access to TSF data and management functions. These security attributes include user name, password, and roles for TOE users. In addition, the TOE supports X.509v3 certificate authentication for the external syslog server.

Optionally, the TOE can be configured to utilize the services of trusted RADIUS and LDAP servers in the operational environment to support, for example, centralized user administration.

Security management:

The TOE provides a web-based (using HTTPS) management interface for all TOE administration, including the IDS and access control rule sets, user accounts and roles, and audit functions. The ability to manage various security attributes, system parameters and all TSF data is controlled and limited to those users who have been assigned the appropriate administrative role.

The TOE also provides a command line interface (CLI) and shell access to the underlying operating system of the TOE components. The shell access must be restricted to off-line installation, pre-operational configuration, and maintenance and troubleshooting of the TOE. The CLI provides only a subset of the management functions provided by the web GUI and is only available on the Sensors. The use of the web GUI is highly recommended over the CLI.  

Security management relies on a management workstation in the operational environment with a properly supported web browser or SSH client to access the management interfaces.

Protection of the TSF:

The TOE implements a number of features designed to protect itself and to ensure the reliability and integrity of its security features. It protects particularly sensitive data such as stored passwords and cryptographic keys so that they are not accessible even by an administrator. It also provides its own timing mechanism to ensure that reliable time information is available (e.g., for log accountability), or it can utilize a trusted time server in the operational environment.

The TOE ensures that data transmitted between separate parts of the TOE is protected from disclosure or modification. This protection is provided by transmitting data between the TOE components over a secure, TLS-protected tunnel.

The TOE includes functions to perform self-tests so that it can detect when it is failing. It also includes mechanisms so that the TOE itself can be updated while ensuring that the updates do not introduce malicious or other unexpected changes in the TOE.

TOE access:

The TOE can be configured to display an informative advisory banner when an administrator establishes an interactive session and subsequently enforce an administrator-defined inactivity timeout value after which the inactive session will be terminated. The administrators can also terminate their own interactive sessions when needed.

Trusted path/channels:

The TOE protects interactive communication with administrators using SSHv2 for CLI access or HTTPS for web GUI access. The TOE protects communication with network peers, such as a syslog server, using TLS connections.

Intrusion Prevention System:

The TOE provides intrusion policies consisting of rules and configurations invoked by the access control policy. The intrusion policies are the last line of defense before the traffic is allowed to its destination. All traffic permitted by the access control policy is then inspected by the designated intrusion policy. Using intrusion rules and other preprocessor settings, these policies inspect traffic for security violations and, in inline deployments, can block or alter malicious traffic.

If the vendor-provided intrusion policies do not fully address the security needs of the organization, custom policies can improve the performance of the system in the environment and can provide a focused view of the malicious traffic and policy violations occurring on the network. By creating and tuning custom policies the administrators can configure, at a very granular level, how the system processes and inspects the traffic on the network for intrusions.

Using Security Intelligence, the administrators can blacklist—deny traffic to and from—specific IP addresses, URLs, and DNS domain names, before the traffic is subjected to analysis by the access control rules. Optionally, the administrators can use a “monitor-only” setting for Security Intelligence filtering.


Vendor Information

Cisco Systems, Inc.
Cert Team