NIAP: Archived U.S. Government Approved Protection Profile - collaborative Protection Profile for Stateful Traffic Filter Firewalls...
NIAP/CCEVS

Short Name: cpp_fw_v1.0

Technology Type: Firewall

CC Version: 3.1

Date: 27 February 2015

Transition End Date: 27 August 2015

Preceded By: pp_nd_tffw_ep_v1.0

Succeeded By: cpp_fw_v2.0

Sunset Date: 06 June 2018

Conformance Claim: None

 

PP OVERVIEW

This collaborative Protection Profile (cPP) defines requirements for the evaluation of Stateful Traffic Filter Firewalls. Such products are generally boundary protection devices, such as dedicated firewalls, routers, or perhaps even switches designed to control the flow of information between attached networks. While in some cases, firewalls implementing security features serve to segregate two distinct networks – a trusted or protected enclave and an untrusted internal or external network such as the Internet – that is only one of many possible applications. It is common for firewalls to have multiple physical network connections enabling a wide range of possible configurations and network information flow policies.

Distributed TOEs are outside the scope of the current version of this cPP, but are expected to be included in the scope of the next version.

Assigned to the following Validated Products

Related Technical Decisions

  • 0291 – NIT technical decision for DH14 and FCS_CKM.1
  • 0235 – NIT Technical Decision adding DH group 14 to the selection in FCS_CKM.2
  • 0228 – NIT Technical Decision for CA certificates - basicConstraints validation
  • 0227 – NIT Technical Decision for TOE acting as a TLS Client and RSA key generation
  • 0226 – NIT Technical Decision for TLS Encryption Algorithms
  • 0225 – NIT Technical Decision for Make CBC cipher suites optional in IPsec
  • 0224 – NIT Technical Decision Making DH Group 14 optional in FCS_IPSEC_EXT.1.11
  • 0223 – NIT Technical Decision for "Expected" vs "unexpected" DNs for IPsec Communications
  • 0201 – NIT Technical Decision for Use of intermediate CA certificates and certificate hierarchy depth
  • 0200 – NIT Technical Decision for Password authentication for SSH clients
  • 0199 – NIT Technical Decision for Elliptic Curves for Signatures
  • 0195 – NIT Technical Decision Making DH Group 14 optional in FCS_IPSEC_EXT.1.11
  • 0191 – NIT Technical Decision for Using secp521r1 for TLS communication
  • 0189 – NIT Technical Decision for SSH Server Encryption Algorithms
  • 0188 – NIT Technical Decision for Optional use of X.509 certificates for digital signatures
  • 0187 – NIT Technical Decision for Clarifying FIA_X509_EXT.1 test 1
  • 0186 – NIT Technical Decision for Applicability of X.509 certificate testing to IPsec
  • 0185 – NIT Technical Decision for Channel for Secure Update.
  • 0184 – NIT Technical Decision for Mandatory use of X.509 certificates
  • 0183 – NIT Technical Decision for Use of the Supporting Document
  • 0182 – NIT Technical Decision for Handling of X.509 certificates related to ssh-rsa and remote comms.
  • 0181 – NIT Technical Decision for Self-testing of integrity of firmware and software.
  • 0170 – NIT Technical Decision for SNMPv3 Support
  • 0169 – NIT Technical Decision for Compliance to RFC5759 and RFC5280 for using CRLs
  • 0168 – NIT Technical Decision for Mandatory requirement for CSR generation
  • 0167 – NIT Technical Decision for Testing SSH 2^28 packets
  • 0160 – NIT Technical Decision for Transport mode and tunnel mode in IPSEC communications
  • 0156 – NIT Technical Decision for SSL/TLS Version Testing in the NDcPP v1.0 and FW cPP v1.0
  • 0154 – NIT Technical Decision for Versions of TOE Software in the NDcPP v1.0 and FW cPP v1.0
  • 0153 – NIT Technical Decision for Auditing of NTP Time Changes in the NDcPP v1.0 and FW cPP v1.0
  • 0152 – NIT Technical Decision for Reference identifiers for TLS in the NDcPP v1.0 and FW cPP v1.0
  • 0150 – NIT Technical Decision for Removal of SSH re-key audit events in the NDcPP v1.0 and FW cPP v1.0
  • 0143 – NIT Technical Decision for Failure testing for TLS session establishment in NDcPP and FWcPP
  • 0130 – NIT Technical Decision for Requirements for Destruction of Cryptographic Keys
  • 0126 – NIT Technical Decision for TLS Mutual Authentication
  • 0125 – NIT Technical Decision for Checking validity of peer certificates for HTTPS servers
  • 0117 – NIT Technical Decision for FIA_X509_EXT.1.1 Requirement in NDcPP
  • 0116 – NIT Technical Decision for a Typo in reference to RSASSA-PKCS1v1_5 in NDcPP and FWcPP
  • 0115 – NIT Technical Decision for Transport mode and tunnel mode in IPsec communication in NDcPP and FWcPP
  • 0114 – NIT Technical Decision for Re-Use of FIPS test results in NDcPP and FWcPP
  • 0113 – NIT Technical Decision for testing and trusted updates in the NDcPP v1.0 and FW cPP v1.0
  • 0112 – NIT Technical Decision for TLS testing in the NDcPP v1.0 and FW cPP v1.0.
  • 0111 – NIT Technical Decision for third party libraries and FCS_CKM.1 in NDcPP and FWcPP
  • 0095 – NIT Technical Interpretations regarding audit, random bit generation, and entropy in NDcPP
  • 0094 – NIT Technical Decision for validating a published hash in NDcPP
  • 0093 – NIT Technical Decision for FIA_X509_EXT.1.1 Requirement in NDcPP
  • 0090 – NIT Technical Decision for FMT_SMF.1.1 Requirement in NDcPP

Please forward any questions or comments to pp-comments@niap-ccevs.org
