Case type: 6
Registration number: 17FMV6870-43:1
SECRET/ under the Public Access to Information and Secrecy Act (2009:400)
2019-02-01
Country of origin: Sweden
Försvarets materielverk

Swedish Certification Body for IT Security
Certification Report - Blue Coat ProxySG
Issue: 2.0, 2019-feb-01

Products covered in this Certification Report:
- Blue Coat ProxySG
- Blue Coat Reverse Proxy
- Blue Coat Reverse Proxy Virtual Appliance
- Blue Coat Secure Web Gateway Virtual Appliance
- Symantec Advanced Secure Gateway

Authorisation: Helén Svensson, Lead Certifier, CSEC

Table of Contents
1 Executive Summary
2 Identification
3 Security Policy
  3.1 Security Audit
  3.2 Cryptographic Support
  3.3 Identification and Authentication
  3.4 Security Management
  3.5 Protection of the TSF
  3.6 TOE Access
  3.7 Trusted Path/Channels
4 Assumptions and Clarification of Scope
  4.1 Usage Assumptions
  4.2 Environmental Assumptions
  4.3 Organisational Security Policies (OSPs)
  4.4 Clarification of Scope
5 Architectural Information
6 Documentation
7 IT Product Testing
  7.1 Evaluator Testing
  7.2 Penetration Testing
8 Evaluated Configuration
9 Results of the Evaluation
10 Evaluator Comments and Recommendations
11 Glossary
12 Bibliography
  A.1 Scheme/Quality Management System
  A.2 Scheme Notes

1 Executive Summary

The Target of Evaluation, TOE, is a network device. The purpose of the TOE is to provide a layer of security between an Internal and External Network (typically an office network and the Internet). The TOE allows administrators to create and manage configurable policies on controlled protocol traffic to and from the Internal Network users.
A policy may include authentication, authorization, content filtering, and auditing.

The TOE is the Blue Coat ProxySG, Blue Coat RP, Blue Coat RP VA, Blue Coat SWG VA, and Symantec ASG. The ProxySG, RP, and ASG run on the S400 and S500 hardware platforms. The SWG VA and RP VA are virtual appliances and are not tied to any specific hardware.

The TOE software is the following:
- Version 6.7.3.103
- Build 216856 (ProxySG, Reverse Proxy, Reverse Proxy Virtual Appliance, Secure Web Gateway Virtual Appliance)
- Build 216878 (Advanced Secure Gateway)

According to [CCADM] section 1.4 Configuration Constraints, SAML Authentication should not be used in the evaluated configuration.

The ST claims conformance to Collaborative Protection Profile for Network Devices, Version 1.0, 27 February 2015. The NIT technical decisions that have been applied to the Network Device Collaborative Protection Profile can be found in the ST.

There are six assumptions being made in the ST regarding the secure usage and environment of the TOE. The TOE relies on these to counter the nine threats and comply with the one organisational security policy (OSP) in the ST. The assumptions, the threats and the OSP are described in chapter 4 Assumptions and Clarification of Scope.

The evaluation has been performed by Combitech AB and EWA-Canada. The evaluation was completed on 2018-09-28. The evaluation was conducted in accordance with the requirements of Common Criteria, version 3.1, release 5, and the Common Methodology for IT Security Evaluation, version 3.1, release 5. The evaluation was performed at the evaluation assurance level EAL 1, augmented by ASE_SPD.1 Security Problem Definition.

Combitech AB is a licensed evaluation facility for Common Criteria under the Swedish Common Criteria Evaluation and Certification Scheme. Combitech AB is also accredited by the Swedish accreditation body SWEDAC according to ISO/IEC 17025 for Common Criteria evaluation.
EWA-Canada operates as a Foreign location for Combitech AB within scope of the Swedish Common Criteria Evaluation and Certification Scheme.

The certifier monitored the activities of the evaluators by reviewing all successive versions of the evaluation reports. The certifier determined that the evaluation results confirm the security claims in the Security Target [ST], and have been reached in agreement with the requirements of the Common Criteria and the Common Methodology for evaluation assurance level: EAL 1 + ASE_SPD.1 and in accordance with the NDcPP v1.0 Evaluation Activities.

The technical information in this report is based on the Security Target (ST) and the Final Evaluation Report (FER) produced by Combitech AB.

The certification results only apply to the version of the product indicated in the certificate, and on the condition that all the stipulations in the Security Target are met. This certificate is not an endorsement of the IT product by CSEC or any other organisation that recognises or gives effect to this certificate, and no warranty of the IT product by CSEC or any other organisation that recognises or gives effect to this certificate is either expressed or implied.

2 Identification

Certification Identification

Certification ID: CSEC2017010
Name and version of the certified IT product: Blue Coat ProxySG, Blue Coat Reverse Proxy, Blue Coat Reverse Proxy Virtual Appliance, Blue Coat Secure Web Gateway Virtual Appliance, and the Symantec Advanced Secure Gateway, Version 6.7.3.103, Build 216856 (ProxySG, Reverse Proxy, Reverse Proxy Virtual Appliance, Secure Web Gateway Virtual Appliance), Build 216878 (Advanced Secure Gateway)
  - S400-20
  - S400-30
  - S400-40
  - S500-10
  - S500-20
  - S500-30
Security Target Identification: Symantec Corporation Blue Coat ProxySG, Blue Coat Reverse Proxy, Blue Coat Reverse Proxy Virtual Appliance, Blue Coat Secure Web Gateway Virtual Appliance, and Symantec Advanced Secure Gateway Software Version: 6.7 Security Target, version 1.6, 2019-01-15
EAL: EAL1 + SPD.1 and NDcPP v1.0
Sponsor: Symantec Corporation
Developer: Symantec Corporation
ITSEF: Combitech AB
Common Criteria version: 3.1 release 5
CEM version: 3.1 release 5
QMS version: 1.21.4
Recognition Scope: CCRA, SOGIS and EA/MLA
Certification date: 2018-11-06

3 Security Policy

The TOE provides the following security services:
- Security Audit
- Cryptographic Support
- Identification and Authentication
- Security Management
- Protection of the TSF
- TOE Access
- Trusted Path/Channels

3.1 Security Audit

The Network Appliances provide extensive auditing capabilities. The TOE generates a comprehensive set of audit logs that identify specific TOE operations. For each event, the TOE records the date and time of each event, the type of event, the subject identity, and the outcome of the event.

3.2 Cryptographic Support

The TOE provides cryptographic support for the following features:
- TLSv1.1, TLSv1.2 and HTTPS connectivity with the following entities:
  - Management Web Browser
  - Audit Server
- SSH connectivity with the following entities:
  - Management SSH Client
- Secure software update

3.3 Identification and Authentication

The TOE provides authentication services for administrative users to connect to the TOE's administrator interfaces (local CLI, remote CLI, and remote GUI). The TOE requires Authorized Administrators to authenticate prior to being granted access to any of the management functionality. In the Common Criteria evaluated configuration, the TOE is configured to require a minimum password length of 15 characters. The TOE provides administrator authentication against a local user database. Password-based authentication can be performed on any TOE administrative.

3.4 Security Management

The TOE provides secure administrative services for management of general TOE configuration and the security functionality provided by the TOE. Management can take place over a variety of interfaces including:
- Local console command line administration;
- Remote CLI administration via SSH;
- Remote GUI administration via HTTPS/TLS.

All administration functions can be accessed via remote CLI, remote GUI or via a direct connection to the TOE. The TOE provides the ability to securely manage the functions listed below:
- All TOE administrative users;
- All identification and authentication;
- All audit functionality of the TOE;
- All TOE cryptographic functionality;
- The timestamps maintained by the TOE;
- Update to the TOE.

3.5 Protection of the TSF

The TOE protects against interference and tampering by untrusted subjects by implementing identification, authentication, and access controls to limit configuration to Administrators.
The TOE prevents reading of cryptographic keys and passwords. Additionally, the TOE software (6.7.3) is custom-built for the appliance.

The TOE internally maintains the date and time. This date and time is used as the timestamp that is applied to audit records generated by the TOE. Administrators can update the TOE's clock manually. Finally, the TOE performs testing to verify correct operation of the security appliances themselves.

The TOE verifies all software updates via digital signature (2048-bit RSA/SHA-256) and requires administrative intervention prior to the software updates being installed on the TOE to avoid the installation of unauthorized software.

3.6 TOE Access

The TOE can terminate inactive sessions after an Authorized Administrator configurable time period. Once a session has been terminated the TOE requires the user to re-authenticate to establish a new session. The TOE displays an Authorized Administrator specified banner on both the CLI and GUI management interfaces prior to allowing any administrative access to the TOE.

3.7 Trusted Path/Channels

The TOE supports several types of secure communications, including:
- Trusted paths with remote administrators over SSH,
- Trusted paths with remote administrators over TLS/HTTPS,
- Trusted channels with remote IT environment audit servers over TLS.

4 Assumptions and Clarification of Scope

4.1 Usage Assumptions

The Security Target [ST] makes five assumptions on the usage of the TOE.

A.LIMITED_FUNCTIONALITY
The device is assumed to provide networking functionality as its core function and not provide functionality/services that could be deemed as general purpose computing. For example the device should not provide computing platform for general purpose applications (unrelated to networking functionality).

A.NO_THRU_TRAFFIC_PROTECTION
A standard/generic network device does not provide any assurance regarding the protection of traffic that traverses it. The intent is for the network device to protect data that originates on or is destined to the device itself, to include administrative data and audit data. Traffic that is traversing the network device, destined for another network entity, is not covered by the ND cPP. It is assumed that this protection will be covered by cPPs for particular types of network devices (e.g., firewall).

A.TRUSTED_ADMINISTRATOR
The Security Administrator(s) for the network device are assumed to be trusted and to act in the best interest of security for the organization. This includes being appropriately trained, following policy, and adhering to guidance documentation. Administrators are trusted to ensure passwords/credentials have sufficient strength and entropy and to lack malicious intent when administering the device. The network device is not expected to be capable of defending against a malicious administrator that actively works to bypass or compromise the security of the device.

A.REGULAR_UPDATES
The network device firmware and software is assumed to be updated by an administrator on a regular basis in response to the release of product updates due to known vulnerabilities.

A.ADMIN_CREDENTIALS_SECURE
The administrator's credentials (private key) used to access the network device are protected by the platform on which they reside.

4.2 Environmental Assumptions

One assumption on the environment is made in the Security Target.

A.PHYSICAL_PROTECTION
The network device is assumed to be physically protected in its operational environment and not subject to physical attacks that compromise the security and/or interfere with the device's physical interconnections and correct operation. This protection is assumed to be sufficient to protect the device and the data it contains.
As a result, the cPP will not include any requirements on physical tamper protection or other physical attack mitigations. The cPP will not expect the product to defend against physical access to the device that allows unauthorized entities to extract data, bypass other controls, or otherwise manipulate the device.

4.3 Organisational Security Policies (OSPs)

The Security Target [ST] places one Organizational Security Policy on the TOE.

P.ACCESS_BANNER
The TOE shall display an initial banner describing restrictions of use, legal agreements, or any other appropriate information to which users consent by accessing the TOE.

4.4 Clarification of Scope

The Security Target [ST] contains nine threats, which have been considered during the evaluation.

T.UNAUTHORIZED_ADMINISTRATOR_ACCESS
Threat agents may attempt to gain administrator access to the network device by nefarious means such as masquerading as an administrator to the device, masquerading as the device to an administrator, replaying an administrative session (in its entirety, or selected portions), or performing man-in-the-middle attacks, which would provide access to the administrative session, or sessions between network devices. Successfully gaining administrator access allows malicious actions that compromise the security functionality of the device and the network on which it resides.

T.WEAK_CRYPTOGRAPHY
Threat agents may exploit weak cryptographic algorithms or perform a cryptographic exhaust against the key space. Poorly chosen encryption algorithms, modes, and key sizes will allow attackers to compromise the algorithms, or brute force exhaust the key space and give them unauthorized access allowing them to read, manipulate and/or control the traffic with minimal effort.

T.UNTRUSTED_COMMUNICATION_CHANNELS
Threat agents may attempt to target network devices that do not use standardized secure tunneling protocols to protect the critical network traffic. Attackers may take advantage of poorly designed protocols or poor key management to successfully perform man-in-the-middle attacks, replay attacks, etc. Successful attacks will result in loss of confidentiality and integrity of the critical network traffic, and potentially could lead to a compromise of the network device itself.

T.WEAK_AUTHENTICATION_ENDPOINTS
Threat agents may take advantage of secure protocols that use weak methods to authenticate the endpoints – e.g., shared password that is guessable or transported as plaintext. The consequences are the same as a poorly designed protocol, the attacker could masquerade as the administrator or another device, and the attacker could insert themselves into the network stream and perform a man-in-the-middle attack. The result is the critical network traffic is exposed and there could be a loss of confidentiality and integrity, and potentially the network device itself could be compromised.

T.UPDATE_COMPROMISE
Threat agents may attempt to provide a compromised update of the software or firmware which undermines the security functionality of the device. Non-validated updates or updates validated using non-secure or weak cryptography leave the update firmware vulnerable to surreptitious alteration.

T.UNDETECTED_ACTIVITY
Threat agents may attempt to access, change, and/or modify the security functionality of the network device without administrator awareness. This could result in the attacker finding an avenue (e.g., misconfiguration, flaw in the product) to compromise the device and the administrator would have no knowledge that the device has been compromised.

T.SECURITY_FUNCTIONALITY_COMPROMISE
Threat agents may compromise credentials and device data enabling continued access to the network device and its critical data. The compromise of credentials includes replacing existing credentials with an attacker's credentials, modifying existing credentials, or obtaining the administrator or device credentials for use by the attacker.

T.PASSWORD_CRACKING
Threat agents may be able to take advantage of weak administrative passwords to gain privileged access to the device. Having privileged access to the device provides the attacker unfettered access to the network traffic, and may allow them to take advantage of any trust relationships with other network devices.

T.SECURITY_FUNCTIONALITY_FAILURE
A component of the network device may fail during start-up or during operations causing a compromise or failure in the security functionality of the network device, leaving the device susceptible to attackers.

5 Architectural Information

The TOE is a hardware and software solution that is comprised of the network device and its configurations described above. The diagram below depicts the evaluated configuration. The red rectangle represents the physical boundary of the TOE.

Figure 1: Physical boundary for the ProxySG, RP, and ASG S400 and S500 appliances

Figure 2: Physical Boundary for the SWG and RP VA

The IPv4 network on which the TOE resides is considered part of the environment. The software for the physical appliances is pre-installed and is comprised of only the software versions identified in [ST] section 1.2.

The TOE physical boundary includes the following appliances:
- S400-20
- S400-30
- S400-40
- S500-10
- S500-20
- S500-30

For the virtual appliances, the TOE physical boundary also includes the following:
- VMware ESXi 6.5 Hypervisor
- A single Guest Virtual Machine (SWG VA or RP VA)
- Hardware platform (Dell Precision T3610 for this evaluation) providing:
  - Intel Xeon processor E5-1600 with up to 6 cores
  - Minimum 4GB memory
  - Integrated Gigabit Ethernet controller
  - Minimum 1 hard drive with at least 100GB free space

No other virtual machines may be installed on the same hardware platform as the SWG VA or RP VA.

Dependencies on Other Hardware, Firmware and Software

In addition, as part of the evaluation, the TOE IT environment includes the use of:
- Remote Management Workstation (GUI);
- Remote Management Workstation (CLI);
- Local Management Workstation (CLI); and
- Audit Server

Excluded from the TOE Evaluated Configuration

According to [CCADM] section 1.4 Configuration Constraints, SAML Authentication should not be used in the evaluated configuration.

6 Documentation

For proper configuration of the TOE into the evaluated configuration, the following guidance documents are available:
- Symantec Corporation Blue Coat ProxySG, Blue Coat Reverse Proxy, Blue Coat Secure Web Gateway Virtual Appliance, and Symantec Advanced Secure Gateway Firmware Version: 6.7.3 Common Criteria Administrative Guidance Document version 0.3
- SGOS Administration Guide Version 6.7.x Document Revision: SGOS 6.7.2.1—11/2017-N
- Command Line Interface Reference Version 6.7.x Document Revision: SGOS 6.7.x—07/2017-B

7 IT Product Testing

The evaluator testing was executed on Blue Coat ProxySG, Blue Coat Reverse Proxy, Blue Coat Reverse Proxy Virtual Appliance, Blue Coat Secure Web Gateway Virtual Appliance, Advanced Reverse Proxy Virtual Appliance, and the Advanced Secure Gateway. The TOE software was version 6.7.3.103, Build 216856 (ProxySG, Reverse Proxy, Reverse Proxy Virtual Appliance, Secure Web Gateway Virtual Appliance) and Build 216878 (Advanced Secure Gateway).

The tested appliances are, according to the equivalency rationale:
- ASG S400-40
- SG S500-20
- Blue Coat Secure Web Gateway Virtual Appliance, SWG-VA
- Blue Coat Advanced Reverse Proxy Virtual Appliance, ARP-VA

Testing was also performed on the previous versions 6.7.3.101 and 6.7.3.102. The tests were executed in Combitech's test lab, Sundbyberg, Sweden.

7.1 Evaluator Testing

The test configuration and the test cases follow the test requirements for each SFR placed in NDcPP. The test cases provide coverage for the TOE interfaces and SFRs. The results of all test cases were consistent with the expected test results and all tests were judged to pass.

7.2 Penetration Testing

The following types of penetration tests were performed:
- Port scan
- Vulnerability scanning
- Protocol fuzzing

Port scans were run after installation and configuration had been done according to the guidance documentation. The purpose was to check that no unexpected ports were opened unfiltered and no unexpected services were available. The Nmap (www.nmap.org) port scan tool was used. Four different modes were used: TCP Connect, TCP SYN, UDP, and IP protocol scans. All possible 65535 ports were scanned for TCP/UDP.

Nessus (www.tenable.com) vulnerability scans were run. No issues concerning the evaluated configuration were found.

The ICMP and TCP protocols were fuzzed with 256 strings using scapy (http://www.secdev.org/projects/scapy).

All penetration testing had a negative outcome, i.e. no vulnerabilities were found.

8 Evaluated Configuration

The TOE evaluated configuration for the physical appliances is comprised of at least one of the following: S400-20, S400-30, S400-40, S500-10, S500-20, or S500-30. For the SWG VA and the RP VA, the TOE evaluated configuration is comprised of one instance of the VA executing on a Dell Precision T3610 hardware platform with ESXi 6.5.

The evaluated configuration also supports the following required external IT entities:

Remote Management Workstation (GUI). This includes any IT Environment Management workstation with a web browser installed that is used by the TOE administrator to support TOE administration through HTTPS and TLS protected channels.

Remote Management Workstation (CLI). This includes any IT Environment Management workstation with an SSH client installed that is used by the TOE administrator to support TOE administration through SSH protected channels.

Local Management Workstation (CLI).
This includes any IT Environment Management workstation with a local CLI support that is used by the TOE administrator to support TOE administration through a direct connection.

Audit Server. The audit server is used for remote storage of audit records that have been generated by and pulled from the TOE.

9 Results of the Evaluation

The evaluators applied each work unit of the Common Methodology [CEM] within the scope of the evaluation, and concluded that the TOE meets the security objectives stated in the Security Target [ST] for an attack potential of Basic.

The certifier reviewed the work of the evaluators and determined that the evaluation was conducted in accordance with the Common Criteria [CC].

The evaluators' overall verdict is PASS.

The verdicts for the assurance classes and components are summarised in the following table:

Development                        ADV          PASS
  Functional Specification         ADV_FSP.1    PASS
Guidance Documents                 AGD          PASS
  Operational User Guidance        AGD_OPE.1    PASS
  Preparative Procedures           AGD_PRE.1    PASS
Life-cycle Support                 ALC          PASS
  CM Capabilities                  ALC_CMC.1    PASS
  CM Scope                         ALC_CMS.1    PASS
Security Target Evaluation         ASE          PASS
  ST Introduction                  ASE_INT.1    PASS
  Conformance Claims               ASE_CCL.1    PASS
  Security Problem Definition      ASE_SPD.1    PASS
  Security Objectives              ASE_OBJ.1    PASS
  Extended Components Definition   ASE_ECD.1    PASS
  Security Requirements            ASE_REQ.1    PASS
  TOE Summary Specification        ASE_TSS.1    PASS
Tests                              ATE          PASS
  Independent Testing              ATE_IND.1    PASS
Vulnerability Assessment           AVA          PASS
  Vulnerability Analysis           AVA_VAN.1    PASS

10 Evaluator Comments and Recommendations

None.

11 Glossary

ARP     Advanced Reverse Proxy
ASG     Advanced Security Gateway
CA      Certificate Authority
CC      Common Criteria
CLI     Command Line Interface
CRL     Certificate Revocation List
GUI     Graphical User Interface
HTTP    Hypertext Transfer Protocol
HTTPS   HTTP Secure
ICMP    Internet Control Message Protocol
IP      Internet Protocol
IPv4    Internet Protocol version 4
NDcPP   Network Device Collaborative Protection Profile
OS      Operating System
PP      Protection Profile
RP      Reverse Proxy
RSA     Rivest-Shamir-Adleman
SAML    Security Assertion Markup Language
SHA     Secure Hash Algorithm
SSH     Secure Shell
ST      Security Target
SWG     Secure Web Gateway
TCP     Transmission Control Protocol
TLS     Transport Layer Security
TOE     Target of Evaluation
TSF     TOE Security Functions
TSFI    TSF Interface
UDP     User Datagram Protocol
VA      Virtual Appliance

12 Bibliography

ST      Symantec Corporation Blue Coat ProxySG, Blue Coat Reverse Proxy, Blue Coat Reverse Proxy Virtual Appliance, Blue Coat Secure Web Gateway Virtual Appliance, and Symantec Advanced Secure Gateway Software Version: 6.7 Security Target, version 1.6, 2019-01-15
NDcPP   Collaborative Protection Profile for Network Devices (NDcPP) version 1.0
NDSD    NDSD Evaluation Activities for Network Device cPP, February 2015, version 1.0
CCADM   Symantec Corporation Blue Coat ProxySG, Blue Coat Reverse Proxy, Blue Coat Reverse Proxy Virtual Appliance, Blue Coat Secure Web Gateway Virtual Appliance, and Symantec Advanced Secure Gateway, Common Criteria Administrative Guidance Document, September 26 2018, version 0.7
CC      Common Criteria for Information Technology Security Evaluation, Part 1-3, CCMB-2017-04-001 through 003, version 3.1, revision 5
CEM     Common Methodology for Information Technology Security Evaluation, CCMB-2017-04-004, version 3.1, revision 5
SP-002  Evaluation and Certification, CSEC, 2018-04-24, version 29.0
SP-188  Scheme Crypto Policy, CSEC, 2017-04-04, version 7.0

A.1 Scheme/Quality Management System

During the certification project, the following versions of the quality management system (QMS) have been applicable since the certification application was received:

QMS 1.20.5 valid from 2017-06-28
QMS 1.21 valid from 2017-11-15
QMS 1.21.1 valid from 2018-03-09
QMS 1.21.2 valid from 2018-03-09
QMS 1.21.3 valid from 2018-05-24
QMS 1.21.4 valid from 2018-09-13

In order to ensure consistency in the outcome of the certification, the certifier has examined the changes introduced in each update of the quality management system. The changes between consecutive versions are outlined in “Ändringslista CSEC QMS 1.21.4”. The certifier concluded that, from QMS 1.20.5 to the current QMS 1.21.4, there are no changes with impact on the result of the certification.

A.2 Scheme Notes

The following Scheme interpretations have been considered during the certification.
- Scheme Note 15 - Demonstration of test coverage
- Scheme Note 18 - Highlighted Requirements on the Security Target
- Scheme Note 21 - NIAP PP Certifications
- Scheme Note 23 - Evaluation Reports for NIAP PPs and cPPs