Comparing certificates Experimental feature

You are comparing two certificates. By default, only differing attributes are shown. Use the button below to show/hide all attributes.

Showing only differing attributes.
Palo Alto Networks PA-220 Series, PA-800 Series, PA-3000 Series, PA-3200 Series, PA-5200 Series, PA-7000 Series, and VM Series Next-Generation Firewall with PAN-OS 9.0
CCEVS-VR-VID-11063-2020
Palo Alto Networks PA-500, PA-2000 Series, PA-4000 Series, and PA-5000 Series Next-Generation Firewall with PAN-OS 4.0.12-h2 and User Identification Agent v3.1.2
CCEVS-VR-VID-10392-2013
name Palo Alto Networks PA-220 Series, PA-800 Series, PA-3000 Series, PA-3200 Series, PA-5200 Series, PA-7000 Series, and VM Series Next-Generation Firewall with PAN-OS 9.0 Palo Alto Networks PA-500, PA-2000 Series, PA-4000 Series, and PA-5000 Series Next-Generation Firewall with PAN-OS 4.0.12-h2 and User Identification Agent v3.1.2
category Network and Network-Related Devices and Systems Boundary Protection Devices and Systems
not_valid_after 14.10.2022 22.04.2015
not_valid_before 14.10.2020 11.04.2013
cert_link https://www.commoncriteriaportal.org/nfs/ccpfiles/files/epfiles/st_vid11063-ci.pdf
report_link https://www.commoncriteriaportal.org/nfs/ccpfiles/files/epfiles/st_vid11063-vr.pdf https://www.commoncriteriaportal.org/nfs/ccpfiles/files/epfiles/st_vid10392-vr.pdf
st_link https://www.commoncriteriaportal.org/nfs/ccpfiles/files/epfiles/st_vid11063-st.pdf https://www.commoncriteriaportal.org/nfs/ccpfiles/files/epfiles/st_vid10392-st.pdf
security_level {} ATE_DPT.3, ALC_FLR.2, EAL4+
dgst d0bdbe099855466b bdc993babbbfb13c
heuristics/cert_id CCEVS-VR-VID-11063-2020 CCEVS-VR-VID-10392-2013
heuristics/extracted_sars ALC_CMS.1, ADV_FSP.1, AVA_VAN.1, ATE_IND.1, ALC_CMC.1 ALC_TAT.1, ATE_FUN.1, ALC_DVS.1, ADV_IMP.1, ATE_DPT.3, AGD_PRE.1, ALC_CMS.4, ATE_COV.2, ADV_INT.1, ALC_CMC.4, ADV_FSP.5, ADV_ARC.1, AVA_VAN.3, ALC_DEL.1, AGD_OPE.1, ALC_LCD.1, ADV_TDS.4, ALC_FLR.2, ATE_IND.2
heuristics/extracted_versions 9.0 4.0.12, 3.1.2
heuristics/scheme_data
  • category: Firewall, Network Device, Virtual Private Network
  • certification_date: 14.10.2020
  • evaluation_facility: Leidos Common Criteria Testing Laboratory
  • expiration_date: 14.10.2022
  • id: CCEVS-VR-VID11063
  • product: Palo Alto Networks PA-220 Series, PA-800 Series, PA-3000 Series, PA-3200 Series, PA-5200 Series, PA-7000 Series, and VM Series Next-Generation Firewall with PAN-OS 9.0
  • scheme: US
  • url: https://www.niap-ccevs.org/product/11063
  • vendor: Palo Alto Networks, Inc.
  • category: Firewall
  • certification_date: 11.04.2013
  • evaluation_facility: Leidos Common Criteria Testing Laboratory
  • expiration_date: 11.04.2015
  • id: CCEVS-VR-VID10392
  • product: Palo Alto Networks PA-500, PA-2000 Series, PA-4000 Series, and PA-5000 Series Next-Generation Firewall with PAN-OS 4.0.12-h2 and User Identification Agent v3.1.2
  • scheme: US
  • url: https://www.niap-ccevs.org/product/10392
  • vendor: Palo Alto Networks, Inc.
maintenance_updates

protection_profiles

pdf_data/cert_filename st_vid11063-ci.pdf
pdf_data/cert_keywords/cc_cert_id
  • US:
    • CCEVS-VR-VID11063-2020: 1
pdf_data/cert_keywords/cc_protection_profile_id
pdf_data/cert_keywords/cc_security_level
pdf_data/cert_keywords/cc_sar
pdf_data/cert_keywords/cc_sfr
pdf_data/cert_keywords/cc_claims
pdf_data/cert_keywords/vendor
pdf_data/cert_keywords/eval_facility
  • Leidos:
    • Leidos: 1
pdf_data/cert_keywords/symmetric_crypto
pdf_data/cert_keywords/asymmetric_crypto
pdf_data/cert_keywords/pq_crypto
pdf_data/cert_keywords/hash_function
pdf_data/cert_keywords/crypto_scheme
pdf_data/cert_keywords/crypto_protocol
  • VPN:
    • VPN: 1
pdf_data/cert_keywords/randomness
pdf_data/cert_keywords/cipher_mode
pdf_data/cert_keywords/ecc_curve
pdf_data/cert_keywords/crypto_engine
pdf_data/cert_keywords/tls_cipher_suite
pdf_data/cert_keywords/crypto_library
pdf_data/cert_keywords/vulnerability
pdf_data/cert_keywords/side_channel_analysis
pdf_data/cert_keywords/technical_report_id
pdf_data/cert_keywords/device_model
pdf_data/cert_keywords/tee_name
pdf_data/cert_keywords/os_name
pdf_data/cert_keywords/cplc_data
pdf_data/cert_keywords/ic_data_group
pdf_data/cert_keywords/standard_id
pdf_data/cert_keywords/javacard_version
pdf_data/cert_keywords/javacard_api_const
pdf_data/cert_keywords/javacard_packages
pdf_data/cert_keywords/certification_process
pdf_data/cert_metadata
  • /CreationDate: D:20201021133635-04'00'
  • /ModDate: D:20201021133635-04'00'
  • /Producer: iText 2.1.0 (by lowagie.com)
  • pdf_file_size_bytes: 182814
  • pdf_hyperlinks: {}
  • pdf_is_encrypted: False
  • pdf_number_of_pages: 1
pdf_data/report_filename st_vid11063-vr.pdf st_vid10392-vr.pdf
pdf_data/report_frontpage
  • US:
    • cert_id: CCEVS-VR-VID11063-2020
    • cert_item: for Palo Alto Networks PA-220 Series, PA-800 Series, PA-3000 Series, PA-3200 Series, PA-5200 Series, PA-7000 Series, and VM Series Next-Generation Firewall with PAN-OS 9.0
    • cert_lab: US NIAP
  • US:
    • cert_id: CCEVS-VR-VID10392-2013
    • cert_item: Palo Alto Networks PA-500, PA-2000 Series, PA-4000 Series, and PA-5000 Series Next-Generation Firewall running PAN-OS 4.0.12-h2
    • cert_lab: US NIAP
pdf_data/report_keywords/cc_cert_id
  • US:
    • CCEVS-VR-VID11063-2020: 1
  • US:
    • CCEVS-VR-VID10392-2013: 1
pdf_data/report_keywords/cc_security_level
  • EAL:
    • EAL 4: 3
    • EAL 4 augmented: 3
pdf_data/report_keywords/cc_sar
  • ADV:
    • ADV_ARC.1: 1
    • ADV_FSP.4: 1
    • ADV_IMP.1: 1
    • ADV_TDS.3: 1
  • AGD:
    • AGD_OPE.1: 1
    • AGD_PRE.1: 1
  • ALC:
    • ALC_CMC.4: 1
    • ALC_CMS.4: 1
    • ALC_DEL.1: 1
    • ALC_DVS.1: 1
    • ALC_FLR.2: 5
    • ALC_LCD.1: 1
    • ALC_TAT.1: 1
  • ATE:
    • ATE_COV.2: 1
    • ATE_DPT: 1
    • ATE_DPT.3: 4
    • ATE_FUN.1: 1
    • ATE_IND.2: 1
  • AVA:
    • AVA_VAN.3: 1
pdf_data/report_keywords/vendor
  • Microsoft:
    • Microsoft: 2
  • Microsoft:
    • Microsoft: 3
pdf_data/report_keywords/eval_facility
  • Leidos:
    • Leidos: 7
pdf_data/report_keywords/crypto_scheme
  • KEX:
    • Key Exchange: 2
pdf_data/report_keywords/crypto_protocol
  • IPsec:
    • IPsec: 12
  • SSH:
    • SSH: 14
  • TLS:
    • TLS:
      • TLS: 10
  • VPN:
    • VPN: 18
  • IKE:
    • IKE: 2
  • SSH:
    • SSH: 8
  • TLS:
    • SSL:
      • SSL: 12
    • TLS:
      • TLS: 1
  • VPN:
    • VPN: 8
pdf_data/report_keywords/crypto_library
  • OpenSSL:
    • OpenSSL: 1
pdf_data/report_keywords/standard_id
  • CC:
    • CCIMB-2006-09-001: 1
    • CCIMB-2007-09-002: 1
    • CCIMB-2007-09-003: 1
    • CCIMB-2007-09-004: 1
  • FIPS:
    • FIPS 140-2: 1
  • NIST:
    • NIST SP 800-53: 2
pdf_data/report_keywords/certification_process
  • OutOfScope:
    • and URL Filtering security policies/profiles are not evaluated and therefore, these features are out of scope. API request over HTTP By default, the TOE supports API requests over HTTPS or HTTPS tunneled over: 1
    • Policies The TLS and SSH decryption policies are not evaluated and therefore, these features are out of scope. Anti-Virus, Anti-Spyware, Anti-Malware Security Policies The Anti-Virus, Anti-Spyware: 1
    • by the security functional requirements: TLS, HTTPS, SSH, IKE/IPsec. The features below are out of scope. Table 2 Excluded Features Feature Description Telnet and HTTP Management Protocols Telnet and HTTP: 1
    • out of scope: 4
    • security policies (i.e., profiles) are not evaluated and therefore, there features are out of scope. File Blocking, DLP, and URL Filtering Security Policies The File Blocking, DLP (Data Loss: 1
pdf_data/report_metadata
  • /CreationDate: D:20210517140421-04'00'
  • /ModDate: D:20210517140421-04'00'
  • pdf_file_size_bytes: 778696
  • pdf_hyperlinks: {}
  • pdf_is_encrypted: False
  • pdf_number_of_pages: 38
  • /Author: SAIC
  • /CreationDate: D:20130514115641
  • /Creator: Microsoft® Office Word 2007
  • /ModDate: D:20130514115641
  • /Producer: Microsoft® Office Word 2007
  • /Subject: Validation Report
  • /Title: Palo Alto Networks Inc. PA-Series Next Generation Firewall
  • pdf_file_size_bytes: 483560
  • pdf_hyperlinks: {}
  • pdf_is_encrypted: False
  • pdf_number_of_pages: 28
pdf_data/st_filename st_vid11063-st.pdf st_vid10392-st.pdf
pdf_data/st_keywords/cc_security_level
  • EAL:
    • EAL 4: 1
    • EAL4: 3
    • EAL4 augmented: 3
pdf_data/st_keywords/cc_sar
  • ADV:
    • ADV_FSP.1: 1
  • AGD:
    • AGD_OPE: 1
    • AGD_PRE: 1
  • ALC:
    • ALC_CMC.1: 1
    • ALC_CMS.1: 1
  • ASE:
    • ASE_CCL: 1
    • ASE_ECD: 1
    • ASE_INT: 1
    • ASE_OBJ: 1
    • ASE_REQ: 1
    • ASE_SPD: 1
    • ASE_TSS: 1
  • ATE:
    • ATE_IND.1: 1
  • AVA:
    • AVA_VAN.1: 1
  • ADV:
    • ADV_ARC: 1
    • ADV_ARC.1: 10
    • ADV_FSP: 1
    • ADV_FSP.4: 11
    • ADV_FSP.5: 1
    • ADV_IMP: 1
    • ADV_IMP.1: 7
    • ADV_INT.1: 1
    • ADV_TDS: 1
    • ADV_TDS.3: 15
    • ADV_TDS.4: 1
  • AGD:
    • AGD_OPE: 1
    • AGD_OPE.1: 10
    • AGD_PRE: 1
    • AGD_PRE.1: 6
  • ALC:
    • ALC_CMC: 1
    • ALC_CMC.4: 15
    • ALC_CMS: 1
    • ALC_CMS.4: 6
    • ALC_DEL: 1
    • ALC_DEL.1: 5
    • ALC_DVS: 1
    • ALC_DVS.1: 5
    • ALC_FLR: 1
    • ALC_FLR.2: 16
    • ALC_LCD: 1
    • ALC_LCD.1: 6
    • ALC_TAT: 1
    • ALC_TAT.1: 7
  • ATE:
    • ATE_COV: 1
    • ATE_COV.2: 5
    • ATE_DPT: 1
    • ATE_DPT.3: 9
    • ATE_FUN: 1
    • ATE_FUN.1: 8
    • ATE_IND: 1
    • ATE_IND.2: 7
  • AVA:
    • AVA_VAN: 1
    • AVA_VAN.3: 7
pdf_data/st_keywords/cc_sfr
  • FAU:
    • FAU_GEN: 2
    • FAU_GEN.1: 4
    • FAU_GEN.1.1: 1
    • FAU_GEN.1.2: 1
    • FAU_GEN.2: 3
    • FAU_GEN.2.1: 1
    • FAU_STG_EXT: 1
    • FAU_STG_EXT.1: 3
    • FAU_STG_EXT.1.1: 1
    • FAU_STG_EXT.1.2: 1
    • FAU_STG_EXT.1.3: 1
  • FCS:
    • FCS_CKM: 7
    • FCS_CKM.1: 4
    • FCS_CKM.1.1: 1
    • FCS_CKM.2: 7
    • FCS_CKM.2.1: 1
    • FCS_CKM.4: 3
    • FCS_CKM.4.1: 1
    • FCS_COP: 15
    • FCS_COP.1: 4
    • FCS_RBG_EXT: 1
    • FCS_RBG_EXT.1: 5
    • FCS_RBG_EXT.1.1: 1
    • FCS_RBG_EXT.1.2: 1
    • FCS_SSHS_EXT: 1
    • FCS_SSHS_EXT.1: 3
    • FCS_SSHS_EXT.1.1: 2
    • FCS_SSHS_EXT.1.2: 1
    • FCS_SSHS_EXT.1.3: 1
    • FCS_SSHS_EXT.1.4: 1
    • FCS_SSHS_EXT.1.5: 2
    • FCS_SSHS_EXT.1.6: 1
    • FCS_SSHS_EXT.1.7: 1
    • FCS_SSHS_EXT.1.8: 2
    • FCS_TLSC_EXT: 1
    • FCS_TLSC_EXT.1: 3
    • FCS_TLSC_EXT.1.1: 2
    • FCS_TLSC_EXT.1.2: 1
    • FCS_TLSC_EXT.1.3: 1
    • FCS_TLSC_EXT.1.4: 1
    • FCS_TLSC_EXT.2: 7
    • FCS_TLSC_EXT.2.1: 2
    • FCS_TLSC_EXT.2.2: 2
    • FCS_TLSC_EXT.2.3: 2
    • FCS_TLSC_EXT.2.4: 2
    • FCS_TLSC_EXT.2.5: 2
    • FCS_TLSS_EXT: 2
    • FCS_TLSS_EXT.1: 3
    • FCS_TLSS_EXT.1.1: 1
    • FCS_TLSS_EXT.1.2: 1
    • FCS_TLSS_EXT.1.3: 1
    • FCS_TLSS_EXT.2: 2
    • FCS_TLSS_EXT.2.1: 1
    • FCS_TLSS_EXT.2.2: 1
    • FCS_TLSS_EXT.2.3: 1
    • FCS_TLSS_EXT.2.4: 1
    • FCS_TLSS_EXT.2.5: 1
    • FCS_TLSS_EXT.2.6: 1
  • FDP:
    • FDP_RIP: 1
    • FDP_RIP.2: 4
  • FIA:
    • FIA_AFL: 1
    • FIA_AFL.1: 6
    • FIA_AFL.1.1: 1
    • FIA_AFL.1.2: 1
    • FIA_PMG_EXT: 1
    • FIA_PMG_EXT.1: 3
    • FIA_PMG_EXT.1.1: 1
    • FIA_UAU: 1
    • FIA_UAU.7: 3
    • FIA_UAU.7.1: 1
    • FIA_UAU_EXT: 1
    • FIA_UAU_EXT.2: 2
    • FIA_UAU_EXT.2.1: 1
    • FIA_UIA_EXT: 1
    • FIA_UIA_EXT.1: 5
    • FIA_UIA_EXT.1.1: 1
    • FIA_UIA_EXT.1.2: 1
  • FMT:
    • FMT_MOF: 12
    • FMT_MOF.1: 3
    • FMT_MTD: 8
    • FMT_MTD.1: 3
    • FMT_SMF: 4
    • FMT_SMF.1: 4
    • FMT_SMF.1.1: 1
    • FMT_SMR: 1
    • FMT_SMR.2: 3
    • FMT_SMR.2.1: 1
    • FMT_SMR.2.2: 1
    • FMT_SMR.2.3: 1
  • FPT:
    • FPT_APW_EXT: 2
    • FPT_APW_EXT.1: 3
    • FPT_APW_EXT.1.1: 1
    • FPT_APW_EXT.1.2: 1
    • FPT_FLS: 4
    • FPT_FLS.1: 1
    • FPT_ITC.1: 1
    • FPT_SKP_EXT: 2
    • FPT_SKP_EXT.1: 2
    • FPT_SKP_EXT.1.1: 1
    • FPT_STM_EXT: 2
    • FPT_STM_EXT.1: 3
    • FPT_STM_EXT.1.1: 1
    • FPT_STM_EXT.1.2: 1
    • FPT_TST_EXT: 3
    • FPT_TST_EXT.1: 4
    • FPT_TST_EXT.1.1: 1
    • FPT_TST_EXT.3: 2
    • FPT_TST_EXT.3.1: 1
    • FPT_TST_EXT.3.2: 1
    • FPT_TUD_EXT: 2
    • FPT_TUD_EXT.1: 3
    • FPT_TUD_EXT.1.1: 1
    • FPT_TUD_EXT.1.2: 1
    • FPT_TUD_EXT.1.3: 2
  • FTA:
    • FTA_SSL: 2
    • FTA_SSL.3: 4
    • FTA_SSL.3.1: 1
    • FTA_SSL.4: 2
    • FTA_SSL.4.1: 1
    • FTA_SSL_EXT: 1
    • FTA_SSL_EXT.1: 4
    • FTA_SSL_EXT.1.1: 1
    • FTA_TAB: 1
    • FTA_TAB.1: 4
    • FTA_TAB.1.1: 1
  • FTP:
    • FTP_ITC: 3
    • FTP_ITC.1: 4
    • FTP_ITC.1.1: 2
    • FTP_ITC.1.2: 2
    • FTP_ITC.1.3: 2
    • FTP_TRP: 4
    • FTP_TRP.1: 3
  • FAU:
    • FAU_ARP: 2
    • FAU_ARP.1: 4
    • FAU_ARP.1.1: 1
    • FAU_GEN: 10
    • FAU_GEN.1: 4
    • FAU_GEN.2: 1
    • FAU_SAA: 7
    • FAU_SAA.1: 2
    • FAU_SAR: 4
    • FAU_SAR.1: 3
    • FAU_SAR.1.1: 1
    • FAU_SAR.1.2: 1
    • FAU_SAR.2: 4
    • FAU_SAR.2.1: 1
    • FAU_SAR.3: 3
    • FAU_SAR.3.1: 1
    • FAU_SEL: 5
    • FAU_SEL.1: 2
    • FAU_STG: 10
    • FAU_STG.1: 4
    • FAU_STG.1.1: 1
    • FAU_STG.1.2: 1
    • FAU_STG.3: 4
    • FAU_STG.3.1: 1
  • FCS:
    • FCS_CKM: 2
    • FCS_CKM.1: 9
    • FCS_CKM.1.1: 2
    • FCS_CKM.2: 3
    • FCS_CKM.2.1: 1
    • FCS_CKM.4: 5
    • FCS_CKM.4.1: 1
    • FCS_CKM_EXT: 1
    • FCS_CKM_EXT.2: 1
    • FCS_COP: 1
    • FCS_COP.1: 27
    • FCS_COP.1.1: 6
    • FCS_COP_EXT.1: 1
  • FDP:
    • FDP_IFC.1: 19
    • FDP_IFC.1.1: 3
    • FDP_IFF.1: 21
    • FDP_IFF.1.1: 3
    • FDP_IFF.1.2: 5
    • FDP_IFF.1.3: 3
    • FDP_IFF.1.4: 3
    • FDP_IFF.1.5: 3
    • FDP_IFF.1.6: 2
    • FDP_ITC.1: 2
    • FDP_ITC.2: 2
    • FDP_RIP: 1
    • FDP_RIP.2: 3
    • FDP_RIP.2.1: 1
  • FIA:
    • FIA_AFL: 1
    • FIA_AFL.1: 4
    • FIA_AFL.1.1: 1
    • FIA_AFL.1.2: 1
    • FIA_ATD: 1
    • FIA_ATD.1: 4
    • FIA_ATD.1.1: 1
    • FIA_UAU: 1
    • FIA_UAU.1: 5
    • FIA_UAU.1.1: 1
    • FIA_UAU.1.2: 1
    • FIA_UID: 1
    • FIA_UID.2: 3
    • FIA_UID.2.1: 1
    • FIA_USB: 1
    • FIA_USB.1: 3
    • FIA_USB.1.1: 1
  • FMT:
    • FMT_MOF.1: 25
    • FMT_MOF.1.1: 7
    • FMT_MSA: 11
    • FMT_MSA.1: 5
    • FMT_MSA.3: 11
    • FMT_MSA.3.1: 1
    • FMT_MSA.3.2: 1
    • FMT_MTD.1: 24
    • FMT_MTD.1.1: 7
    • FMT_MTD.2: 10
    • FMT_MTD.2.1: 2
    • FMT_MTD.2.2: 2
    • FMT_REV: 1
    • FMT_REV.1: 3
    • FMT_REV.1.1: 1
    • FMT_REV.1.2: 1
    • FMT_SMR: 1
    • FMT_SMR.1: 1
    • FMT_SMR.2: 3
    • FMT_SMR.2.1: 1
    • FMT_SMR.2.2: 1
    • FMT_SMR.2.3: 2
  • FPT:
    • FPT_FLS: 2
    • FPT_FLS.1: 7
    • FPT_FLS.1.1: 1
    • FPT_ITC: 3
    • FPT_ITC.1: 5
    • FPT_ITC.1.1: 1
    • FPT_ITT: 2
    • FPT_ITT.1: 6
    • FPT_ITT.1.1: 1
    • FPT_RCV: 1
    • FPT_RCV.1: 3
    • FPT_RCV.1.1: 1
    • FPT_RPL: 1
    • FPT_RPL.1: 3
    • FPT_RPL.1.1: 1
    • FPT_RPL.1.2: 1
    • FPT_STM: 1
    • FPT_STM.1: 6
    • FPT_STM.1.1: 1
    • FPT_TST.1: 10
    • FPT_TST.1.1: 2
    • FPT_TST.1.2: 2
    • FPT_TST.1.3: 2
  • FRU:
    • FRU_FLT: 2
    • FRU_FLT.1: 6
    • FRU_FLT.1.1: 1
    • FRU_RSA.1: 11
    • FRU_RSA.1.1: 2
  • FTA:
    • FTA_SSL: 4
    • FTA_SSL.1: 1
    • FTA_SSL.2: 4
    • FTA_SSL.2.1: 1
    • FTA_SSL.2.2: 1
    • FTA_SSL.3: 5
    • FTA_SSL.3.1: 1
    • FTA_TAB: 1
    • FTA_TAB.1: 4
    • FTA_TAB.1.1: 1
    • FTA_TSE: 1
    • FTA_TSE.1: 3
    • FTA_TSE.1.1: 1
  • FTP:
    • FTP_ITC.1: 8
    • FTP_ITC.1.1: 2
    • FTP_ITC.1.2: 2
    • FTP_ITC.1.3: 2
    • FTP_TRP.1: 8
    • FTP_TRP.1.1: 2
    • FTP_TRP.1.2: 2
    • FTP_TRP.1.3: 2
pdf_data/st_keywords/cc_claims
  • A:
    • A.PHYSICAL_PROTECTION: 1
  • OE:
    • OE.ADMIN_CREDENTIALS_SECURE: 1
    • OE.CONNECTIONS: 1
    • OE.NO_GENERAL_PURPOSE: 1
    • OE.NO_THRU_TRAFFIC_PROTECTION: 1
    • OE.PHYSICAL: 1
    • OE.RESIDUAL_INFORMATION: 1
    • OE.TRUSTED_ADMIN: 1
    • OE.UPDATES: 1
  • A:
    • A.NO_GENERAL_PURPOSE: 1
    • A.NO_TOE_BYPASS: 1
    • A.PHYSICAL: 1
    • A.UIA_ONLY: 1
  • O:
    • O.ADMIN_ROLE: 1
    • O.AUDIT_GENERATION: 1
    • O.AUDIT_PROTECTION: 1
    • O.AUDIT_REVIEW: 1
    • O.CHANGE_MANAGEMENT: 1
    • O.CORRECT_: 1
    • O.CRYPTOGRAPHIC_: 1
    • O.CRYPTOGRAPHY_: 1
    • O.DISPLAY_BANNER: 1
    • O.DOCUMENT_KEY_LEAKAGE: 1
    • O.MAINT_MODE: 2
    • O.MANAGE: 2
    • O.MEDIATE: 4
    • O.REPLAY_DETECTION: 1
    • O.RESIDUAL_INFORMATION: 1
    • O.RESOURCE_SHARING: 1
    • O.ROBUST_ADMIN_GUIDANCE: 1
    • O.ROBUST_TOE_ACCESS: 1
    • O.SELF_PROTECTION: 2
    • O.SOUND_IMPLEMENTATION: 1
    • O.THOROUGH_FUNCTIONAL_: 1
    • O.TIME_STAMPS: 1
    • O.TRUSTED_PATH: 1
    • O.VULNERABILITY_ANALYSIS_TEST: 1
  • OE:
    • OE.CRYPTANALYTIC: 1
    • OE.NO_GENERAL_PURPOSE: 1
    • OE.NO_TOE_BYPASS: 1
    • OE.PHYSICAL: 1
    • OE.UIA_ONLY: 1
  • T:
    • T.ADDRESS_MASQUERADE: 1
    • T.ADMIN_ERROR: 1
    • T.ADMIN_ROGUE: 1
    • T.AUDIT_COMPROMISE: 1
    • T.CRYPTO_COMPROMISE: 1
    • T.FLAWED_DESIGN: 1
    • T.FLAWED_IMPLEMENTATION: 1
    • T.MALICIOUS_TSF_: 1
    • T.MASQUERADE: 1
    • T.POOR_TEST: 1
    • T.REPLAY: 1
    • T.RESIDUAL_DATA: 1
    • T.RESOURCE_EXHAUSTION: 1
    • T.SPOOFING: 1
    • T.UNATTENDED_SESSION: 1
    • T.UNAUTHORIZED_ACCESS: 1
    • T.UNIDENTIFIED_ACTIONS: 1
    • T.UNKNOWN_STATE: 1
pdf_data/st_keywords/vendor
  • Broadcom:
    • Broadcom: 3
  • Microsoft:
    • Microsoft: 4
  • Microsoft:
    • Microsoft: 1
pdf_data/st_keywords/eval_facility
  • Leidos:
    • Leidos: 1
pdf_data/st_keywords/symmetric_crypto
  • AES_competition:
    • AES:
      • AES: 32
      • AES-: 1
      • AES-256: 6
  • DES:
    • 3DES:
      • 3DES: 1
  • constructions:
    • MAC:
      • HMAC: 11
      • HMAC-SHA-256: 8
      • HMAC-SHA-384: 4
      • HMAC-SHA-512: 6
  • AES_competition:
    • AES:
      • AES: 7
      • AES-256: 2
  • constructions:
    • MAC:
      • HMAC: 5
      • HMAC-SHA-256: 1
pdf_data/st_keywords/asymmetric_crypto
  • ECC:
    • ECC:
      • ECC: 7
    • ECDH:
      • ECDH: 2
      • ECDHE: 6
    • ECDSA:
      • ECDSA: 20
  • FF:
    • DH:
      • DH: 28
      • DHE: 4
      • Diffie-Hellman: 13
    • DSA:
      • DSA: 2
  • RSA:
    • RSA 2048: 1
    • RSA-2048: 1
  • FF:
    • DH:
      • DH: 6
      • Diffie-Hellman: 4
  • RSA:
    • RSA-2048: 2
pdf_data/st_keywords/hash_function
  • SHA:
    • SHA1:
      • SHA-1: 6
    • SHA2:
      • SHA-256: 6
      • SHA-384: 6
      • SHA-512: 4
      • SHA256: 13
  • SHA:
    • SHA1:
      • SHA-1: 15
    • SHA2:
      • SHA-2: 1
      • SHA-256: 1
      • SHA-384: 2
      • SHA-512: 2
pdf_data/st_keywords/crypto_scheme
  • KEX:
    • Key Exchange: 2
  • MAC:
    • MAC: 2
  • KEX:
    • Key Exchange: 2
pdf_data/st_keywords/crypto_protocol
  • IKE:
    • IKE: 29
    • IKEv1: 14
    • IKEv2: 13
  • IPsec:
    • IPsec: 95
  • SSH:
    • SSH: 54
  • TLS:
    • SSL:
      • SSL: 9
      • SSL 2.0: 4
      • SSL 3.0: 4
    • TLS:
      • TLS: 108
      • TLS 1.0: 4
      • TLS 1.1: 4
      • TLS 1.2: 7
      • TLS1.1: 1
      • TLS1.2: 2
      • TLSv1.1: 2
      • TLSv1.2: 7
  • VPN:
    • VPN: 84
  • IKE:
    • IKE: 13
    • IKEv1: 2
  • IPsec:
    • IPsec: 1
  • SSH:
    • SSH: 14
  • TLS:
    • SSL:
      • SSL: 22
    • TLS:
      • TLS: 3
      • TLS 1.2: 1
      • TLS v1.0: 3
      • TLSv1.0: 1
  • VPN:
    • VPN: 40
pdf_data/st_keywords/randomness
  • PRNG:
    • DRBG: 14
  • RNG:
    • RBG: 3
  • PRNG:
    • PRNG: 1
  • RNG:
    • RNG: 8
pdf_data/st_keywords/cipher_mode
  • CBC:
    • CBC: 11
  • CCM:
    • CCM: 5
  • CTR:
    • CTR: 7
  • GCM:
    • GCM: 14
  • CBC:
    • CBC: 3
  • CTR:
    • CTR: 2
  • ECB:
    • ECB: 2
pdf_data/st_keywords/ecc_curve
  • NIST:
    • P-256: 18
    • P-384: 16
    • P-521: 12
    • secp256r1: 8
    • secp384r1: 8
    • secp521r1: 4
pdf_data/st_keywords/tls_cipher_suite
  • TLS:
    • TLS_DHE_RSA_WITH_AES_128_CBC_SHA: 8
    • TLS_DHE_RSA_WITH_AES_256_CBC_SHA: 8
    • TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA: 8
    • TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256: 5
    • TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256: 8
    • TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA: 8
    • TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384: 5
    • TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384: 8
    • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA: 5
    • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256: 3
    • TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256: 5
    • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA: 5
    • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384: 3
    • TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384: 5
    • TLS_RSA_WITH_AES_128_CBC_SHA: 3
    • TLS_RSA_WITH_AES_128_CBC_SHA256: 3
    • TLS_RSA_WITH_AES_256_CBC_SHA: 3
  • TLS:
    • TLS_DHE_RSA_WITH_AES_128_CBC_SHA: 1
    • TLS_DHE_RSA_WITH_AES_256_CBC_SHA: 1
    • TLS_RSA_WITH_AES_128_CBC_SHA: 1
    • TLS_RSA_WITH_AES_256_CBC_SHA: 1
pdf_data/st_keywords/crypto_library
  • OpenSSL:
    • OpenSSL: 6
pdf_data/st_keywords/standard_id
  • FIPS:
    • FIPS 140-2: 2
    • FIPS 186-4: 3
    • FIPS PUB 186-4: 15
  • ISO:
    • ISO/IEC 10118-: 1
    • ISO/IEC 14888-3: 2
    • ISO/IEC 18031:2011: 5
    • ISO/IEC 9796-2: 2
  • NIST:
    • NIST SP 800-56A: 2
    • SP 800-90A: 2
  • PKCS:
    • PKCS #1: 2
    • PKCS#12: 2
  • RFC:
    • RFC 2460: 2
    • RFC 2818: 3
    • RFC 2986: 2
    • RFC 3268: 22
    • RFC 3447: 2
    • RFC 3513: 2
    • RFC 3526: 9
    • RFC 35267: 1
    • RFC 3602: 3
    • RFC 3986: 1
    • RFC 4106: 1
    • RFC 4109: 1
    • RFC 4253: 2
    • RFC 4301: 2
    • RFC 4303: 2
    • RFC 4304: 1
    • RFC 4346: 4
    • RFC 4443: 1
    • RFC 4492: 26
    • RFC 4868: 1
    • RFC 4945: 1
    • RFC 5246: 23
    • RFC 5280: 5
    • RFC 5289: 42
    • RFC 5735: 2
    • RFC 5759: 2
    • RFC 5996: 3
    • RFC 6125: 4
    • RFC 6598: 2
    • RFC 6960: 1
    • RFC 768: 2
    • RFC 791: 2
    • RFC 792: 1
    • RFC 793: 3
    • RFC 959: 1
    • RFC2409: 1
    • RFC4945: 1
  • X509:
    • X.509: 8
  • CC:
    • CCMB-2007-09-002: 1
    • CCMB-2007-09-003: 1
  • FIPS:
    • FIPS 140-2: 12
    • FIPS 180-3: 1
    • FIPS PUB 140-2: 7
    • FIPS140-2: 1
  • NIST:
    • NIST SP 800-57: 3
  • RFC:
    • RFC 792: 2
pdf_data/st_keywords/certification_process
  • OutOfScope:
    • and URL Filtering security policies/profiles are not evaluated and therefore, these features are out of scope. API request over HTTP By default, the TOE supports API requests over HTTPS or HTTPS tunneled over: 1
    • ISP links to ensure application performance and scale capacity. The SD-WAN capability is considered out of scope. PAN OS 9.1.8 Security Target Palo Alto Networks Page 23 of 84 Feature Description Include: 1
    • Policies The TLS and SSH decryption policies are not evaluated and therefore, these features are out of scope. Anti-Virus, Anti-Spyware, Anti- Malware Security Policies The Anti-Virus, Anti-Spyware: 1
    • by the security functional requirements: TLS, HTTPS, SSH, IKE/IPsec. The features below are out of scope. Table 2 Excluded Features Feature Description Telnet and HTTP Management Protocols Telnet and HTTP: 1
    • is secured with TLS using FIPS-approved algorithms. The threat prevention signatures themselves are out of scope (i.e., not evaluated). Management The next-generation firewall provides both direct and remote: 1
    • malformed, fragmented packets. The protection from viruses, worm, and spyware using signatures are out of scope (i.e., not evaluated). DoS Protection – the firewall is designed to protect against flooding: 1
    • out of scope: 7
    • security policies (i.e., profiles) are not evaluated and therefore, there features are out of scope. File Blocking, DLP, and URL Filtering Security Policies The File Blocking, DLP (Data Loss: 1
pdf_data/st_metadata
state/cert/convert_garbage True False
state/cert/convert_ok True False
state/cert/download_ok True False
state/cert/extract_ok True False
state/cert/pdf_hash Different Different
state/cert/txt_hash Different Different
state/report/pdf_hash Different Different
state/report/txt_hash Different Different
state/st/pdf_hash Different Different
state/st/txt_hash Different Different