Compliant Product - Palo Alto Networks WF-500 WildFire 10.1
Certificate Date: 2022.08.04
Validation Report Number: CCEVS-VR-VID11286-2022
Product Type: Network Device
Conformance Claim: Protection Profile Compliant
PP Identifier: collaborative Protection Profile for Network Devices Version 2.2e
CC Testing Lab: Leidos Common Criteria Testing Laboratory
The TOE is the Palo Alto Networks WF-500 appliance, which runs the WildFire 10.1 software. It receives samples sent to it by Palo Alto Networks firewalls via the defined network configuration, and automatically detects and prevents zero-day exploits and malware with its on-premise analysis that meets privacy and regulatory requirements by vendors.
The WF-500 appliance is the only TOE model included in the evaluation.
Security Evaluation Summary
The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme for the collaborative Protection Profile for Network Devices, Version 2.2e, March 23, 2020 [NDcPP]. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 3.1 release 5. The product, when delivered and configured as identified in the guidance document, satisfies all security functional requirements stated in the Palo Alto Networks WF-500 WildFire 10.1 Security Target, Version 1.0, August 1, 2022. The evaluation was completed in August 2022. Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report prepared by CCEVS.
The TOE is designed to be able to generate logs for a variety of security relevant events including the events specified in NDcPP. The TOE can be configured to store the logs locally or can be configured to send the logs to a designated external log server.
The TOE implements NIST-validated cryptographic algorithms that provide key management, random bit generation, encryption/decryption, digital signature, cryptographic hashing, and keyed-hash message authentication features in support of cryptographic protocols such as TLS and SSH. To use these features, the TOE must be configured in FIPS-CC mode.
Identification and Authentication
The TOE requires that all users that access the TOE be successfully identified and authenticated before they can have access to any security functions that are available in the TOE. The TOE offers functions through connections using SSH for administrators.
The TOE supports the local definition and authentication of administrators with username, password, SSH keys, and role that it uses to authenticate the operator. These items are associated with an operator and an authorized role for access to the TOE. The TOE uses X.509 certificates to support TLS authentication.
The TOE provides access to the security management features using a Command Line Interface (CLI). CLI commands are transmitted over SSH for both local and remote connections. Security management commands are limited to administrators and only available after the operator has successfully authenticated themselves to the TOE. The TOE provides access to these services via direct RJ-45 Ethernet connection and remotely using an SSHv2 client. The product also includes a console port, but once FIPS-CC mode is enabled, the console port is disabled.
Protection of the TSF
The TOE implements features designed to protect itself, and to ensure the reliability and integrity of its security functions.
Stored passwords and cryptographic keys are protected so that unauthorized access does not result in sensitive data being lost, and the TOE also contains various self-tests so that it can detect if there are any errors with the system or if malicious activity has occurred. The TOE provides its own timing mechanism to ensure that reliable time information is present. The TOE uses digital signature mechanisms when performing trusted updates to ensure installation of software is valid and authenticated properly.
The TOE provides the ability for both TOE-initiated and user-initiated locking of interactive sessions, and for TOE termination of an interactive session after a period of inactivity is observed. Additionally, the TOE is able to display an advisory message regarding unauthorized use of the TOE before establishing a user session.
The TOE protects interactive communication with remote administrators using SSH. Communications with other devices and services (such as a Syslog server) are protected using TLS and X.509 certificates to support TLS authentication.
Palo Alto Networks, Inc.