Compliant Product - FortiGate/FortiOS 6.4
Certificate Date: 2023.03.09CC Certificate Security Target Validation Report
Validation Report Number: CCEVS-VR-VID11296-2023
Product Type: Network Device
Conformance Claim: Protection Profile Compliant
PP Identifier: collaborative Protection Profile for Network Devices Version 2.2e
collaborative Protection Profile Module for Stateful Traffic Filter Firewalls v1.4 + Errata 20200625
PP-Module for Virtual Private Network (VPN) Gateways Version 1.1
CC Testing Lab: Lightship Security USA, Inc.
Administrative Guide: FortiOS Version 6.4.9
Administrative Guide: FortiOS - VMware ESXi Version 6.4
Administrative Guide: FIPS 140-2 and NDcPP Common Criteria Technote
Administrative Guide: FortiOS - Parallel Path Processing Version 6.4.0
Administrative Guide: FortiOS - CLI Reference Version 6.4.9
Administrative Guide: FortiOS - Hardware Acceleration Guide Version 6.4.9
Administrative Guide: NDcPP Common Criteria Logging Addendum
The TOE is a family of FortiGate next-generation firewall (NGFW) appliances running FortiOS software. The TOE provides high performance, multilayered validated security and granular visibility for end-to-end protection across the entire enterprise.
The TOE is FortiGate/FortiOS 6.4 Version 6.4 (FIPS-CC-64-6) running on a physical or virtual device.
The physical boundary of the TOE includes the FortiGate hardware models and the virtual appliances shown below. The virtual appliances are evaluated as virtual Network Devices (vND), which is case 1 of Section 1.2 of NDcPP v2.2e.
TOE Virtual Appliance and Related Hardware
* Provided with PacStar 451/455
Security Evaluation Summary
The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme. The criteria against which FortiGate/FortiOS 6.4 was evaluated are described in the Common Criteria for Information Technology Security Evaluation, Version 3.1 Rev. 5. The product, when configured as identified in the FortiOS 6.4 and FortiGate NGFW Appliances FIPS140-2 and Common Criteria Technote, March 9, 2023 01-649-0773518-20230309, satisfies all of the security functional requirements stated in the FortiGate/FortiOS 6.4 Security Target, Version 1.2, March 2023. The project underwent CCEVS Validator review. The evaluation was completed in March 2023. Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report (Report Number CCEVS-VR-VID11296-2023) prepared by CCEVS.
The TOE provides the following security functions:
a) Security Audit. The TOE generates logs for auditable events. These logs can be stored locally in protected storage and/or exported to an external audit server via a secure channel.
b) Cryptographic Support. The TOE implements a variety of key generation and cryptographic methods to provide protection of data both in transit and at rest within the TOE. In the evaluated configuration, the TOE is in FIPS mode to support the cryptographic functionality. The TOE implements cryptographic protocols such as SSH, TLS, HTTPS, and IPsec.
c) Residual Data Protection. The TOE ensures that data cannot be recovered once deallocated.
d) Stateful Traffic and Packet Filtering. The TOE allows for the configuration and enforcement of stateful packet filtering/firewall rules on all traffic traversing the TOE.
e) Identification and Authentication. The TOE implements mechanisms to ensure that users are both identified and authenticated before any access to TOE functionality or TSF data is granted. Remote login attempts are limited to an administrator-configured threshold, after which the user must wait for a defined period of time before login attempts can be made. It provides the ability to both assign attributes (user names, passwords and roles) and to authenticate users against these attributes. The TOE also provides X.509 certificate validation for its TLS and IPsec connections.
f) Security Management. The TOE provides a suite of management functionality, allowing for full configuration of the TOE by an authorized administrator.
g) Protection of the TSF. The TOE implements a number of protection mechanisms (including authentication requirements, self-tests and trusted update) to ensure the protection of the TOE and all TSF data. The TOE maintains its own time source free from outside interference for the purpose of generating logs and executing time sensitive operations.
h) TOE Access. The TOE provides session management functions for local and remote administrative sections. Administrative sessions have a defined lifetime for both local and remote sessions, users connecting to the TOE will be presented with a warning and consent banner prior to authentication.
i) Trusted Path/Channels. The TOE provides secure channels between itself and local/remote administrators and other devices to ensure data security during transit.