Compliant Product - Palo Alto Networks WF-500 with WildFire 9.0
Certificate Date: 2020.07.20
Validation Report Number: CCEVS-VR-VID11081-2020
Product Type: Network Device
Conformance Claim: Protection Profile Compliant
PP Identifier: collaborative Protection Profile for Network Devices Version 2.1
CC Testing Lab: Leidos Common Criteria Testing Laboratory
The TOE is the Palo Alto Networks WF-500 appliance, which runs the WildFire 9.0.9 software. It receives samples that Palo Alto Networks firewalls send to it over the network, as defined by the network configuration, and automatically detects and prevents zero-day exploits and malware with its on-premise analysis that meets privacy and regulatory requirements by vendors.
The WF-500 appliance is the only TOE model included in the evaluation.
Security Evaluation Summary
The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme for the collaborative Protection Profile for Network Devices. The evaluation team used the Common Methodology for Information Technology Security Evaluation, Version 3.1 release 5, to conduct the evaluation. The product, when delivered and configured as identified in the guidance document, satisfies the security functional requirements stated in the Palo Alto Networks WF-500 with WildFire 9.0 Security Target. The evaluation was completed in July 2020. Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report prepared by CCEVS.
The TOE is designed to be able to generate logs for a variety of security relevant events including the events specified in NDcPP. The TOE can be configured to store the logs locally or can be configured to send the logs to a designated external log server.
The TOE implements NIST validated cryptographic algorithms that provide key management, random bit generation, encryption/decryption, digital signature and cryptographic hashing and keyed-hash message authentication features in support of cryptographic protocols such as TLS and SSH. In order to utilize these features, the TOE must be configured in FIPS-CC mode.
Identification and Authentication
The TOE requires that all users that access the TOE be successfully identified and authenticated before they can have access to any security functions that are available in the TOE. The TOE offers functions through connections using SSH for administrators.
The TOE supports the local definition and authentication of administrators with username, password, SSH keys, and role that it uses to authenticate the operator. These items are associated with an operator and an authorized role for access to the TOE.
The TOE provides access to the security management features using the CLI. Security management commands are limited to administrators and only available after the operator has successfully authenticated himself or herself to the TOE. The TOE provides access to these services via direct RJ-45 Ethernet connection and remotely using an SSHv2 client.
Protection of the TSF
The TOE implements features designed to protect itself, and to ensure the reliability and integrity of its security functions.
Stored passwords and cryptographic keys are protected so that unauthorized access does not result in sensitive data being lost, and the TOE also contains various self-tests so that it can detect if there are any errors with the system or if malicious activity has occurred. The TOE provides its own timing mechanism to ensure that reliable time information is present. The TOE uses digital signature mechanisms when performing trusted updates to ensure installation of software is valid and authenticated properly.
The TOE provides the ability for both TOE-initiated and user-initiated locking of interactive sessions, and for TOE termination of an interactive session after a period of inactivity is observed. Additionally, the TOE is able to display an advisory message regarding unauthorized use of the TOE before establishing a user session.
The TOE protects interactive communication with remote administrators using SSH. Communication with other devices and services (such as a Syslog server) is protected using TLS.
Palo Alto Networks