NIAP Oversees Evaluations of Commercial IT Products for Use in National Security Systems
U.S. Government Approved Protection Profile - collaborative Protection Profile Module for Stateful Traffic Filter Firewalls v1.4 + Errata 20200625
Short Name: mod_cpp_fw_v1.4e
Technology Type: Firewall
CC Version: 3.1
Date: 2020.07.01
Preceded By: mod_cpp_fw_v1.3
Conformance Claim: None
Protection Profile
Supporting Docs
PP Configuration for NDcPP-FW_v1.4e
Control Mapping
PP-Configuration for NDcPP-FW-VPNGW_V.1.1
PP-Configuration for NDcPP-IPS-FW_V1.0
PP-Configuration for NDcPP-IPS-FW-VPNGW_V1.0
PP Configuration for NDcPP-FW-VPNGW_V1.2
PP Configuration for NDcPP-IPS-FW-VPNGW_v1.1
PP Configuration for NDcPP-WLANAS-FW-VPNGW_v1.0
PP Configuration for CFG_NDcPP-FW-MACsec-VPNGW_v1.0
PP Configuration Document for NDcPP-FW-MACsec-VPNGW_v1.1
PP Configuration Document for NDcPP-FW-VPNGW_v1.3
PP Configuration Document for NDcPP-WLANAS-FW-VPNGW_v1.1
PP Configuration Document for NDcPP-IPS-FW-VPNGW_V1.2
PP Configuration Document for NDcPP-FW-MACsec-VPNGW_v2.0
PP Configuration Document for NDcPP-FW_v2.0
PP Configuration Document for NDcPP-FW-VPNGW_v2.0
PP Configuration Document for NDcPP-IPS-FW_v2.0
PP Configuration Document for NDcPP-IPS-FW-VPNGW_v2.0
PP Configuration Document for NDcPP-WLANAS-FW-VPNGW_v2.0
PP OVERVIEW
This PP-Module defines requirements for the evaluation of Stateful Traffic Filter Firewalls in addition to the requirements of the Base-PP, which specifies requirements on network devices in general. A Stateful Traffic Filter Firewall shall be regarded as a specific type of network device which provides the security functions of residual information protection and stateful traffic filtering, in addition to those that are expected of all generic network devices. Occurrences of the term 'Network Device' in the Base-PP shall be read as 'Stateful Traffic Filter Firewall' when used in conjunction with this PP-Module, as a TOE that conforms to this PP-Module will also conform to the Base-PP. Such products are generally boundary protection devices, such as dedicated firewalls, routers, or perhaps even switches designed to control the flow of information between attached networks. While in some cases, firewalls implementing security features serve to segregate two distinct networks – a trusted or protected enclave and an untrusted internal or external network such as the Internet – that is only one of many possible applications. It is common for firewalls to have multiple physical network connections enabling a wide range of possible configurations and network information flow policies.
Assigned to the following Validated Products
- VID11236 – Junos OS 20.3R3 for NFX350
- VID11255 – Cisco Adaptive Security Appliances (ASA) 9.16 on Firepower 1000 and 2100 Series
- VID11256 – Cisco ASA 9.16 on Firepower 4100 and 9300 Security Appliances
- VID11257 – Cisco Adaptive Security Appliances (ASA) 5500-X, Industrial Security Appliances (ISA) 3000 and Adaptive Security Appliances Virtual (ASAv) Version 9.16
- VID11284 – Palo Alto Networks PA-220 Series, PA-400 Series, PA-800 Series, PA-3200 Series, PA-5200 Series, PA-5450, PA-7000 Series, and VM Series Next-Generation Firewall with PAN-OS 10.1
- VID11290 – Cisco FTD (NGFW) 7.0 on Firepower 1000 and 2100 Series with FMC/FMCv
- VID11292 – Cisco FTD (NGFW) 7.0 on Firepower 4100 and 9300 Series with FMC/FMCv
- VID11296 – FortiGate/FortiOS 6.4
- VID11300 – Cisco FTD (NGFW) 7.0 on ASA 5500 and ISA 3000 and FTDv with FMC/FMCv
- VID11310 – ID Technologies GoSilent Cube + GoSilent Server v25.01
- VID11333 – Aruba Mobility Controller with ArubaOS 8.10
- VID11343 – Forcepoint NGFW 6.10.9
- VID11397 – Juniper vSRX3.0 with Junos OS 22.2R2
- VID11431 – Versa Networks Versa Secure SD-WAN Versa Operating System (VOS) 22.1 running on CSG1500, CSG2500, CSG3500, CSG5000, Dell PowerEdge R7515, and Dell VEP4600, Versa Director 22.1, and Versa Analytics 22.1
- F5 BIG-IP® 16.1.3.1 including AFM
- Junos OS 22.2R1 for SRX Series
Active Related Technical Decisions