NIAP: Archived U.S. Government Approved Protection Profile - collaborative Protection Profile for Stateful Traffic Filter Firewalls...

NIAP Oversees Evaluations of Commercial IT Products for Use in National Security Systems
Questions?  We're here to help
  NIAP  »»  Protection Profiles  »»  Archived PPs  »»  Details  
Archived U.S. Government Approved Protection Profile - collaborative Protection Profile for Stateful Traffic Filter Firewalls Version 2.0

Short Name: cpp_fw_v2.0

Technology Type: Firewall

CC Version: 3.1

Date: 2017.12.06

Transition End Date: 2018.06.06

Preceded By: cpp_fw_v1.0

Succeeded By: cpp_fw_v2.0e

Sunset Date: 2018.03.14 [Sunset Icon]

Conformance Claim: None

Protection Profile [PDF]

Supporting Docs [PDF]



This collaborative Protection Profile (cPP) defines requirements for the evaluation of Stateful Traffic Filter Firewalls. Such products are generally boundary protection devices, such as dedicated firewalls, routers, or perhaps even switches designed to control the flow of information between attached networks. While in some cases, firewalls implementing security features serve to segregate two distinct networks – a trusted or protected enclave and an untrusted internal or external network such as the Internet – that is only one of many possible applications. It is common for firewalls to have multiple physical network connections enabling a wide range of possible configurations and network information flow policies.

The TOE may be standalone or distributed, where a distributed TOE is one that requires multiple distinct components to operate as a logical whole in order to fulfil the requirements of this cPP (a more extensive description of distributed Stateful Traffic Filter Firewall TOEs is given in section 3). 

A Virtual Stateful Traffic Filter Firewall (vTFFW) is a software implementation of firewall functionality that runs inside a virtual machine. This cPP expressly excludes evaluation of vTFFWs unless the product is able to meet all the requirements and assumptions of a physical TFFW as required in this cPP.


This means: 

• The virtualisation layer (or hypervisor or Virtual Machine Manager (VMM)) is considered part of the TFFW's software stack, and thus is part of the TOE and must satisfy the relevant SFRs (e.g. by treating hypervisor Administrators as Security Administrators)2. vTFFWs that can run on multiple VMMs must be tested on each claimed VMM unless the vendor can successfully argue equivalence. 


• The physical hardware is likewise included in the TOE (as in the example included above). vTFFWs must be tested for each claimed hardware platform unless the vendor can successfully argue equivalence.


• There is only one vTFFW instance for each physical hardware platform.


• There are no other guest VMs on the physical platform providing non-stateful traffic filtering firewall functionality.

This U.S. Government Approved Protection Profile is not assigned to any Validated Products

Archived Related Technical Decisions

Please forward any Protection Profile specific comments to the applicable Technical Rapid Response Team (TRRT).

Please forward any general questions to our Q&A tool.

Site Map              Contact Us              Home