Compliant Product - Palo Alto Networks WF-500 with WildFire 8.1.11
Certificate Date: 2020.01.30
Documents: CC Certificate, Security Target, Validation Report
Validation Report Number: CCEVS-VR-VID11032-2020
Product Type: Network Device
Conformance Claim: Protection Profile Compliant
PP Identifier: collaborative Protection Profile for Network Devices Version 2.1
CC Testing Lab: Leidos Common Criteria Testing Laboratory
The evaluated product is the Palo Alto Networks WF-500 with WildFire 8.1.11. The WF-500 appliance is the only physical model included in the evaluation.
Security Evaluation Summary
The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme against the collaborative Protection Profile for Network Devices, Version 2.1 (NDcPP). The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 3.1 Release 5. The product, when delivered and configured as identified in the guidance documentation, satisfies all of the security functional requirements stated in the Palo Alto Networks WF-500 WildFire 8.1.11 Security Target. The product underwent CCEVS Validator Review. The evaluation was completed in January 2020. Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report (CCEVS-VR-VID11032-2020) prepared by CCEVS.
The Palo Alto Networks WF-500 WildFire 8.1.11 is designed to generate logs for a variety of security-relevant events, including the events specified in the NDcPP. The appliance can be configured to store the logs locally or to send them to a designated external log server.
The Palo Alto Networks WF-500 WildFire 8.1.11 implements NIST-validated cryptographic algorithms that provide key management, random bit generation, encryption/decryption, digital signature, cryptographic hashing, and keyed-hash message authentication in support of cryptographic protocols such as IPsec, TLS, and SSH. In order to use these features, the TOE (Target of Evaluation) must be configured in FIPS-CC mode.
Identification and Authentication
The Palo Alto Networks WF-500 WildFire 8.1.11 requires that all users who access the appliance be successfully identified and authenticated before they can access any of the security functions available in the WF-500 WildFire 8.1.11. Administrators reach these functions over SSH connections.
The Palo Alto Networks WF-500 WildFire 8.1.11 supports the local definition and authentication of administrators using a username, password, SSH keys, and role, which it uses to authenticate the operator. These items are associated with an operator and an authorized role for access to the WF-500 WildFire 8.1.11.
The Palo Alto Networks WF-500 WildFire 8.1.11 provides access to the security management features through the CLI. CLI commands are transmitted over SSH for both local and remote connections. Security management commands are limited to administrators and are available only after the operator has successfully authenticated to the appliance. The appliance provides access to these services via a direct RJ-45 Ethernet connection and remotely using an SSHv2 client. The product also includes a console port, but once FIPS-CC mode is enabled, the console port is disabled.
Protection of the TSF
The Palo Alto Networks WF-500 WildFire 8.1.11 implements features designed to protect itself, and to ensure the reliability and integrity of its security functions.
Stored passwords and cryptographic keys are protected so that unauthorized access does not result in sensitive data being lost. The WF-500 WildFire 8.1.11 also contains various self-tests so that it can detect whether there are any errors with the system or whether malicious activity has occurred. The WF-500 WildFire 8.1.11 provides its own timing mechanism to ensure that reliable time information is available. The WF-500 WildFire 8.1.11 uses digital signature mechanisms when performing trusted updates to ensure that the software being installed is valid and properly authenticated.
The Palo Alto Networks WF-500 WildFire 8.1.11 provides both TOE-initiated and user-initiated locking of interactive sessions, and terminates an interactive session after a period of inactivity is observed. Additionally, the WF-500 WildFire 8.1.11 is able to display an advisory message regarding unauthorized use of the TOE before establishing a user session.
The Palo Alto Networks WF-500 WildFire 8.1.11 protects interactive communication with remote administrators using SSH, and protects communication between itself and other WildFire devices using IPsec. Communication with other devices and services (such as a syslog server) is protected using TLS.
Vendor: Palo Alto Networks