{
"_type": "sec_certs.sample.cc.CCCertificate",
"category": "Network and Network-Related Devices and Systems",
"cert_link": "https://www.commoncriteriaportal.org/nfs/ccpfiles/files/epfiles/st_vid11500-ci.pdf",
"dgst": "b2912f6d00671646",
"heuristics": {
"_type": "sec_certs.sample.cc.CCCertificate.Heuristics",
"annotated_references": null,
"cert_id": "CCEVS-VR-VID-11500-2025",
"cert_lab": [
"US"
],
"cpe_matches": null,
"direct_transitive_cves": null,
"eal": "EAL1",
"extracted_sars": {
"_type": "Set",
"elements": [
{
"_type": "sec_certs.sample.sar.SAR",
"family": "ALC_FLR",
"level": 3
}
]
},
"extracted_versions": {
"_type": "Set",
"elements": [
"11.1"
]
},
"indirect_transitive_cves": null,
"next_certificates": null,
"prev_certificates": null,
"protection_profiles": {
"_type": "Set",
"elements": [
"4704bfbdf61ca066",
"ed9c9d74c3710878"
]
},
"related_cves": null,
"report_references": {
"_type": "sec_certs.sample.certificate.References",
"directly_referenced_by": null,
"directly_referencing": null,
"indirectly_referenced_by": null,
"indirectly_referencing": null
},
"scheme_data": null,
"st_references": {
"_type": "sec_certs.sample.certificate.References",
"directly_referenced_by": null,
"directly_referencing": null,
"indirectly_referenced_by": null,
"indirectly_referencing": null
},
"verified_cpe_matches": null
},
"maintenance_updates": {
"_type": "Set",
"elements": []
},
"manufacturer": "Palo Alto Networks, Inc.",
"manufacturer_web": "https://www.paloaltonetworks.com/",
"name": "Palo Alto Networks M-200, M-300, M-600, and M-700 Hardware, and Virtual Appliances all running Panorama 11.1",
"not_valid_after": "2027-05-19",
"not_valid_before": "2025-05-19",
"pdf_data": {
"_type": "sec_certs.sample.cc.CCCertificate.PdfData",
"cert_filename": "st_vid11500-ci.pdf",
"cert_frontpage": null,
"cert_keywords": {
"asymmetric_crypto": {},
"cc_cert_id": {
"US": {
"CCEVS-VR-VID11500-2025": 1
}
},
"cc_claims": {},
"cc_protection_profile_id": {},
"cc_sar": {},
"cc_security_level": {},
"cc_sfr": {},
"certification_process": {},
"cipher_mode": {},
"cplc_data": {},
"crypto_engine": {},
"crypto_library": {},
"crypto_protocol": {
"SSH": {
"SSH": 1
}
},
"crypto_scheme": {},
"device_model": {},
"ecc_curve": {},
"eval_facility": {
"Leidos": {
"Leidos": 1
}
},
"hash_function": {},
"ic_data_group": {},
"javacard_api_const": {},
"javacard_packages": {},
"javacard_version": {},
"os_name": {},
"pq_crypto": {},
"randomness": {},
"side_channel_analysis": {},
"standard_id": {},
"symmetric_crypto": {},
"technical_report_id": {},
"tee_name": {},
"tls_cipher_suite": {},
"vendor": {},
"vulnerability": {}
},
"cert_metadata": {
"/Producer": "WeasyPrint 62.3",
"/Title": "VID11500-FINAL CERT",
"pdf_file_size_bytes": 136298,
"pdf_hyperlinks": {
"_type": "Set",
"elements": []
},
"pdf_is_encrypted": false,
"pdf_number_of_pages": 1
},
"report_filename": "st_vid11500-vr.pdf",
"report_frontpage": {
"US": {
"cert_id": "CCEVS-VR-VID11500-2025",
"cert_item": "for Palo Alto Networks M-200, M-300, M-600, and M-700 Hardware, and Virtual Appliances all running Panorama 11.1",
"cert_lab": "US NIAP"
}
},
"report_keywords": {
"asymmetric_crypto": {},
"cc_cert_id": {
"US": {
"CCEVS-VR-VID11500-2025": 1
}
},
"cc_claims": {},
"cc_protection_profile_id": {},
"cc_sar": {},
"cc_security_level": {},
"cc_sfr": {},
"certification_process": {
"OutOfScope": {
"Configuration This section briefly identifies the evaluated configuration(s) and any excluded and out of scope functionality. 8.1 Evaluated Configuration The evaluated version of the TOE consists of Palo Alto": 1,
"extent specified by the security functional requirements: TLS, HTTPS, SSH. The features below are out of scope. Feature Description Telnet and HTTP Management Protocols Telnet and HTTP are disabled by default": 1,
"out of scope": 2
}
},
"cipher_mode": {},
"cplc_data": {},
"crypto_engine": {},
"crypto_library": {},
"crypto_protocol": {
"SSH": {
"SSH": 15,
"SSHv2": 1
},
"TLS": {
"TLS": {
"TLS": 8
}
},
"VPN": {
"VPN": 1
}
},
"crypto_scheme": {},
"device_model": {},
"ecc_curve": {},
"eval_facility": {
"Leidos": {
"Leidos": 5
}
},
"hash_function": {},
"ic_data_group": {},
"javacard_api_const": {},
"javacard_packages": {},
"javacard_version": {},
"os_name": {},
"pq_crypto": {},
"randomness": {},
"side_channel_analysis": {},
"standard_id": {},
"symmetric_crypto": {},
"technical_report_id": {},
"tee_name": {},
"tls_cipher_suite": {},
"vendor": {
"Broadcom": {
"Broadcom": 3
},
"Microsoft": {
"Microsoft": 2
}
},
"vulnerability": {}
},
"report_metadata": {
"/Author": "Lisa D Mitchell",
"/CreationDate": "D:20250527151601-04\u002700\u0027",
"/Creator": "Microsoft\u00ae Word 2019",
"/ModDate": "D:20250527151601-04\u002700\u0027",
"/Producer": "Microsoft\u00ae Word 2019",
"pdf_file_size_bytes": 382229,
"pdf_hyperlinks": {
"_type": "Set",
"elements": [
"https://nvd.nist.gov/",
"https://security.paloaltonetworks.com/",
"https://www.kb.cert.org/vuls/html/search",
"https://www.zerodayinitiative.com/advisories/published/"
]
},
"pdf_is_encrypted": false,
"pdf_number_of_pages": 25
},
"st_filename": "st_vid11500-st.pdf",
"st_frontpage": null,
"st_keywords": {
"asymmetric_crypto": {
"ECC": {
"ECC": {
"ECC": 11
},
"ECDH": {
"ECDH": 5,
"ECDHE": 6
},
"ECDSA": {
"ECDSA": 26
}
},
"FF": {
"DH": {
"DH": 4,
"DHE": 6,
"Diffie-Hellman": 7
}
},
"RSA": {
"RSA 2048": 2,
"RSA-2048": 1
}
},
"cc_cert_id": {},
"cc_claims": {
"A": {
"A.COMPONENTS_RUNNING": 1,
"A.PHYSICAL_PROTECTION": 1
},
"OE": {
"OE.ADMIN_CREDENTIALS_SECURE": 1,
"OE.COMPONENTS_RUNNING": 1,
"OE.NO_GENERAL_PURPOSE": 1,
"OE.NO_THRU_TRAFFIC_PROTECTION": 1,
"OE.PHYSICAL": 1,
"OE.RESIDUAL_INFORMATION": 1,
"OE.TRUSTED_ADMIN": 1,
"OE.UPDATES": 1,
"OE.VM_CONFIGURATION": 1
}
},
"cc_protection_profile_id": {},
"cc_sar": {
"ADV": {
"ADV_FSP": 1
},
"AGD": {
"AGD_OPE": 1,
"AGD_PRE": 1
},
"ALC": {
"ALC_CMC": 1,
"ALC_CMS": 1,
"ALC_FLR": 1,
"ALC_FLR.3": 3
},
"ASE": {
"ASE_CCL": 1,
"ASE_ECD": 1,
"ASE_INT": 1,
"ASE_OBJ": 1,
"ASE_REQ": 1,
"ASE_SPD": 1,
"ASE_TSS": 1
},
"ATE": {
"ATE_IND": 1
},
"AVA": {
"AVA_VAN": 1
}
},
"cc_security_level": {},
"cc_sfr": {
"FAU": {
"FAU_GEN": 2,
"FAU_GEN.1": 3,
"FAU_GEN.1.1": 1,
"FAU_GEN.1.2": 1,
"FAU_GEN.2": 3,
"FAU_GEN.2.1": 1,
"FAU_STG": 1,
"FAU_STG.1": 2,
"FAU_STG.1.1": 1,
"FAU_STG.1.2": 1,
"FAU_STG_EXT": 1,
"FAU_STG_EXT.1": 4,
"FAU_STG_EXT.1.1": 1,
"FAU_STG_EXT.1.2": 1,
"FAU_STG_EXT.1.3": 1,
"FAU_STG_EXT.1.4": 1,
"FAU_STG_EXT.1.5": 1,
"FAU_STG_EXT.1.6": 1
},
"FCS": {
"FCS_CKM": 5,
"FCS_CKM.1": 6,
"FCS_CKM.1.1": 1,
"FCS_CKM.2": 5,
"FCS_CKM.2.1": 1,
"FCS_CKM.4": 3,
"FCS_CKM.4.1": 1,
"FCS_COP": 23,
"FCS_COP.1": 4,
"FCS_RBG_EXT": 1,
"FCS_RBG_EXT.1": 6,
"FCS_RBG_EXT.1.1": 1,
"FCS_RBG_EXT.1.2": 1,
"FCS_SSHS_EXT": 1,
"FCS_SSHS_EXT.1": 4,
"FCS_SSHS_EXT.1.1": 1,
"FCS_SSHS_EXT.1.3": 1,
"FCS_SSH_EXT": 1,
"FCS_SSH_EXT.1": 4,
"FCS_SSH_EXT.1.1": 1,
"FCS_SSH_EXT.1.2": 1,
"FCS_SSH_EXT.1.3": 1,
"FCS_SSH_EXT.1.4": 1,
"FCS_SSH_EXT.1.5": 1,
"FCS_SSH_EXT.1.6": 1,
"FCS_SSH_EXT.1.7": 1,
"FCS_SSH_EXT.1.8": 1,
"FCS_TLSC_EXT": 2,
"FCS_TLSC_EXT.1": 3,
"FCS_TLSC_EXT.1.1": 2,
"FCS_TLSC_EXT.1.2": 1,
"FCS_TLSC_EXT.1.3": 1,
"FCS_TLSC_EXT.1.4": 1,
"FCS_TLSC_EXT.1.5": 1,
"FCS_TLSC_EXT.1.6": 1,
"FCS_TLSC_EXT.1.7": 1,
"FCS_TLSC_EXT.1.8": 1,
"FCS_TLSC_EXT.1.9": 1,
"FCS_TLSS_EXT": 1,
"FCS_TLSS_EXT.1": 6,
"FCS_TLSS_EXT.1.1": 4,
"FCS_TLSS_EXT.1.2": 2,
"FCS_TLSS_EXT.1.3": 2,
"FCS_TLSS_EXT.1.4": 2,
"FCS_TLSS_EXT.1.5": 2,
"FCS_TLSS_EXT.1.6": 2,
"FCS_TLSS_EXT.1.7": 2,
"FCS_TLSS_EXT.1.8": 2,
"FCS_TLSS_EXT.2": 3,
"FCS_TLSS_EXT.2.1": 1,
"FCS_TLSS_EXT.2.2": 2,
"FCS_TLSS_EXT.2.3": 1,
"FCS_TLSS_EXT.2.4": 1
},
"FIA": {
"FIA_AFL": 1,
"FIA_AFL.1": 5,
"FIA_AFL.1.1": 1,
"FIA_AFL.1.2": 1,
"FIA_PMG_EXT": 1,
"FIA_PMG_EXT.1": 3,
"FIA_PMG_EXT.1.1": 1,
"FIA_UIA_EXT": 1,
"FIA_UIA_EXT.1": 5,
"FIA_UIA_EXT.1.1": 1,
"FIA_UIA_EXT.1.2": 1,
"FIA_UIA_EXT.1.3": 4,
"FIA_UIA_EXT.1.4": 1
},
"FMT": {
"FMT_MOF": 4,
"FMT_MOF.1": 1,
"FMT_MTD": 5,
"FMT_MTD.1": 3,
"FMT_SMF": 1,
"FMT_SMF.1": 3,
"FMT_SMF.1.1": 3,
"FMT_SMR": 1,
"FMT_SMR.2": 3,
"FMT_SMR.2.1": 1,
"FMT_SMR.2.2": 1,
"FMT_SMR.2.3": 1
},
"FPT": {
"FPT_APW_EXT": 1,
"FPT_APW_EXT.1": 3,
"FPT_APW_EXT.1.1": 1,
"FPT_APW_EXT.1.2": 1,
"FPT_SKP_EXT": 1,
"FPT_SKP_EXT.1": 3,
"FPT_SKP_EXT.1.1": 1,
"FPT_STM_EXT": 1,
"FPT_STM_EXT.1": 4,
"FPT_STM_EXT.1.1": 1,
"FPT_STM_EXT.1.2": 1,
"FPT_TST_EXT": 1,
"FPT_TST_EXT.1": 3,
"FPT_TST_EXT.1.1": 1,
"FPT_TST_EXT.1.2": 1,
"FPT_TUD_EXT": 1,
"FPT_TUD_EXT.1": 3,
"FPT_TUD_EXT.1.1": 1,
"FPT_TUD_EXT.1.2": 1,
"FPT_TUD_EXT.1.3": 1
},
"FTA": {
"FTA_SSL": 2,
"FTA_SSL.3": 3,
"FTA_SSL.3.1": 1,
"FTA_SSL.4": 3,
"FTA_SSL.4.1": 1,
"FTA_TAB": 1,
"FTA_TAB.1": 4,
"FTA_TAB.1.1": 1
},
"FTP": {
"FTP_ITC": 1,
"FTP_ITC.1": 4,
"FTP_ITC.1.1": 1,
"FTP_ITC.1.2": 1,
"FTP_ITC.1.3": 1,
"FTP_TRP": 4,
"FTP_TRP.1": 3
}
},
"certification_process": {
"OutOfScope": {
"If it is stored via External HSM (operational environment), it is protected by the HSM and is out of scope. The TOE also zeroizes (i.e., overwrites) non-persistent cryptographic keys as soon as their": 1,
"e., stateful inspection filtering, IPsec VPN gateway, IPS/IDS threat prevention) are not evaluated (out of scope). Only the secure communication channels from Panorama to firewalls and Wildfires are claimed. In": 1,
"extent specified by the security functional requirements: TLS, HTTPS, SSH. The features below are out of scope. Table 2 Excluded Features Feature Description Telnet and HTTP Management Protocols Telnet and HTTP": 1,
"operational environment), it is protected by the HSM and is out of scope. The TOE also zeroizes (i.e": 1,
"out of scope": 3
}
},
"cipher_mode": {
"CBC": {
"CBC": 7
},
"CCM": {
"CCM": 4
},
"CTR": {
"CTR": 6
},
"GCM": {
"GCM": 11
}
},
"cplc_data": {},
"crypto_engine": {},
"crypto_library": {},
"crypto_protocol": {
"IKE": {
"IKE": 1
},
"IPsec": {
"IPsec": 3
},
"SSH": {
"SSH": 53,
"SSHv2": 7
},
"TLS": {
"SSL": {
"SSL": 3,
"SSL 2.0": 2,
"SSL 3.0": 2
},
"TLS": {
"TLS": 82,
"TLS 1.0": 2,
"TLS 1.1": 2,
"TLS 1.2": 11,
"TLS 1.3": 8,
"TLSv1.2": 10,
"TLSv1.3": 5
}
},
"VPN": {
"VPN": 4
}
},
"crypto_scheme": {
"MAC": {
"MAC": 1
}
},
"device_model": {},
"ecc_curve": {
"NIST": {
"NIST P-256": 1,
"P-256": 19,
"P-384": 18,
"P-521": 16,
"secp256r1": 8,
"secp384r1": 7,
"secp521r1": 8
}
},
"eval_facility": {},
"hash_function": {
"SHA": {
"SHA1": {
"SHA-1": 5
},
"SHA2": {
"SHA-2": 1,
"SHA-256": 8,
"SHA-384": 4,
"SHA-512": 4,
"SHA256": 4
}
}
},
"ic_data_group": {},
"javacard_api_const": {},
"javacard_packages": {},
"javacard_version": {},
"os_name": {},
"pq_crypto": {},
"randomness": {
"PRNG": {
"DRBG": 14
},
"RNG": {
"RBG": 3,
"RNG": 1
}
},
"side_channel_analysis": {},
"standard_id": {
"FIPS": {
"FIPS 186-4": 1,
"FIPS PUB 186-4": 11
},
"ISO": {
"ISO/IEC 14888-3": 2,
"ISO/IEC 18031:2011": 4,
"ISO/IEC 9796-2": 2
},
"NIST": {
"SP 800-135": 2,
"SP 800-90A": 2,
"SP 800-90B": 2
},
"PKCS": {
"PKCS #1": 2,
"PKCS#12": 2
},
"RFC": {
"RFC 2818": 4,
"RFC 2986": 2,
"RFC 3268": 8,
"RFC 3526": 7,
"RFC 4252": 3,
"RFC 4253": 5,
"RFC 4344": 2,
"RFC 4492": 8,
"RFC 5077": 4,
"RFC 5246": 16,
"RFC 5280": 3,
"RFC 5288": 8,
"RFC 5289": 40,
"RFC 5647": 2,
"RFC 5656": 8,
"RFC 6125": 4,
"RFC 6668": 2,
"RFC 6960": 2,
"RFC 7919": 1,
"RFC 8332": 4,
"RFC 8422": 8,
"RFC 8446": 6
},
"X509": {
"X.509": 12
}
},
"symmetric_crypto": {
"AES_competition": {
"AES": {
"AES": 34,
"AES-256": 5
}
},
"DES": {
"3DES": {
"3DES": 1
}
},
"constructions": {
"MAC": {
"HMAC": 12,
"HMAC-SHA-256": 6,
"HMAC-SHA-384": 2,
"HMAC-SHA-512": 3
}
}
},
"technical_report_id": {},
"tee_name": {},
"tls_cipher_suite": {
"TLS": {
"TLS_DHE_RSA_WITH_AES_128_CBC_SHA": 4,
"TLS_DHE_RSA_WITH_AES_128_CBC_SHA256": 4,
"TLS_DHE_RSA_WITH_AES_128_GCM_SHA256": 4,
"TLS_DHE_RSA_WITH_AES_256_CBC_SHA": 4,
"TLS_DHE_RSA_WITH_AES_256_CBC_SHA256": 4,
"TLS_DHE_RSA_WITH_AES_256_GCM_SHA384": 4,
"TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA": 4,
"TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256": 6,
"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256": 6,
"TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA": 4,
"TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384": 4,
"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384": 6,
"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA": 4,
"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256": 4,
"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256": 6,
"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA": 4,
"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384": 2,
"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384": 6
}
},
"vendor": {
"Broadcom": {
"Broadcom": 2
},
"Microsoft": {
"Microsoft": 2
}
},
"vulnerability": {}
},
"st_metadata": {
"/Author": "Quang Trinh",
"/CreationDate": "D:20250519142048-04\u002700\u0027",
"/Creator": "Microsoft\u00ae Word for Microsoft 365",
"/ModDate": "D:20250519142048-04\u002700\u0027",
"/Producer": "Microsoft\u00ae Word for Microsoft 365",
"pdf_file_size_bytes": 1292883,
"pdf_hyperlinks": {
"_type": "Set",
"elements": [
"http://www.paloaltonetworks.com/",
"about:blank"
]
},
"pdf_is_encrypted": false,
"pdf_number_of_pages": 58
}
},
"protection_profile_links": {
"_type": "Set",
"elements": [
"https://www.commoncriteriaportal.org/nfs/ccpfiles/files/ppfiles/pkg_ssh_v1.0.pdf",
"https://www.commoncriteriaportal.org/nfs/ccpfiles/files/ppfiles/NDcPP_v3_0e.pdf"
]
},
"report_link": "https://www.commoncriteriaportal.org/nfs/ccpfiles/files/epfiles/st_vid11500-vr.pdf",
"scheme": "US",
"security_level": {
"_type": "Set",
"elements": []
},
"st_link": "https://www.commoncriteriaportal.org/nfs/ccpfiles/files/epfiles/st_vid11500-st.pdf",
"state": {
"_type": "sec_certs.sample.cc.CCCertificate.InternalState",
"cert": {
"_type": "sec_certs.sample.document_state.DocumentState",
"convert_garbage": true,
"convert_ok": true,
"download_ok": true,
"extract_ok": true,
"pdf_hash": "d3f16dc6f56d83f61cfe65e3f1146590b337dc82d8d033308b6ae5b33ac257f1",
"txt_hash": "d01e5fd2d0b35ff4f36d2a96449fea8c67575f4c0d9a94f8040bcf500cdb116a"
},
"report": {
"_type": "sec_certs.sample.document_state.DocumentState",
"convert_garbage": false,
"convert_ok": true,
"download_ok": true,
"extract_ok": true,
"pdf_hash": "75e700e528f635a5649a8d7bb8a915cd1af466bcf0faf314e08da6ba92e26e32",
"txt_hash": "be7ae8218539dbed50e886297b1919624d2b0f4f6d6dcab3faab5be4a373adef"
},
"st": {
"_type": "sec_certs.sample.document_state.DocumentState",
"convert_garbage": false,
"convert_ok": true,
"download_ok": true,
"extract_ok": true,
"pdf_hash": "4f03a89aad0809a7461b17e5947acb2c83e79f589777e74b512cf4bc4861bd8e",
"txt_hash": "3b005c6886ee5e088c785a003decbc226b9b7e1d0995a4f8e1a3017e28d05eaa"
}
},
"status": "active"
}