Palo Alto Networks PA-220 Series, PA-800 Series, PA-3000 Series, PA-3200 Series, PA-5200 Series, PA-7000 Series, and VM Series Next-Generation Firewall with PAN-OS 9.0

Heuristics

References

No references are available for this certificate.

Updates Feed

• 12.05.2025

  Changed

  The certificate data changed.

  Show diff

  Certificate changed

  The computed heuristics were updated.

  • The scheme_data property was set to None.
• 03.04.2025

  Changed

  The certificate data changed.

  Show diff

  Certificate changed

  The PDF extraction data was updated.

  • The report_keywords property was updated, with the {'crypto_protocol': {'__update__': {'SSH': {'__insert__': {'SSHv2': 3}}}}} data.
  • The st_keywords property was updated, with the {'crypto_protocol': {'__update__': {'SSH': {'__insert__': {'SSHv2': 7}}}}} data.
• 10.02.2025

  Changed

  The certificate data changed.

  Show diff

  Certificate changed

  The computed heuristics were updated.

  • The scheme_data property was set to {'product': 'Palo Alto Networks PA-220 Series, PA-800 Series, PA-3000 Series, PA-3200 Series, PA-5200 Series, PA-7000 Series, and VM Series Next-Generation Firewall with PAN-OS 9.0', 'id': 'CCEVS-VR-VID11063', 'url': 'https://www.niap-ccevs.org/product/11063', 'certification_date': '2020-10-14', 'expiration_date': '2022-10-14', 'category': 'Firewall, Network Device, Virtual Private Network', 'vendor': 'Palo Alto Networks, Inc.', 'evaluation_facility': 'Leidos Common Criteria Testing Laboratory', 'scheme': 'US'}.
• 05.02.2025

  Changed

  The certificate data changed.

  Show diff

  Certificate changed

  The state of the certificate object was updated.

  • The report property was updated, with the {'_type': 'sec_certs.sample.document_state.DocumentState'} data.
  • The st property was updated, with the {'_type': 'sec_certs.sample.document_state.DocumentState'} data.
  • The cert property was updated, with the {'_type': 'sec_certs.sample.document_state.DocumentState'} data.

  The computed heuristics were updated.

  • The following values were inserted: {'protection_profiles': {'_type': 'Set', 'elements': ['fa0610a54305df78', 'cf18fa171ef6e928']}, 'eal': 'EAL1'}.
  • The prev_certificates property was set to None.
  • The next_certificates property was set to None.
  • The scheme_data property was set to None.
• 06.01.2025

  Changed

  The certificate data changed.

  Show diff

  Certificate changed

  The computed heuristics were updated.

  • The scheme_data property was set to {'product': 'Palo Alto Networks PA-220 Series, PA-800 Series, PA-3000 Series, PA-3200 Series, PA-5200 Series, PA-7000 Series, and VM Series Next-Generation Firewall with PAN-OS 9.0', 'id': 'CCEVS-VR-VID11063', 'url': 'https://www.niap-ccevs.org/product/11063', 'certification_date': '2020-10-14', 'expiration_date': '2022-10-14', 'category': 'Firewall, Network Device, Virtual Private Network', 'vendor': 'Palo Alto Networks, Inc.', 'evaluation_facility': 'Leidos Common Criteria Testing Laboratory', 'scheme': 'US'}.
• 30.12.2024

  Changed

  The certificate data changed.

  Show diff

  Certificate changed

  The computed heuristics were updated.

  • The scheme_data property was set to None.
• 16.12.2024

  Changed

  The certificate data changed.

  Show diff

  Certificate changed

  The computed heuristics were updated.

  • The scheme_data property was set to {'product': 'Palo Alto Networks PA-220 Series, PA-800 Series, PA-3000 Series, PA-3200 Series, PA-5200 Series, PA-7000 Series, and VM Series Next-Generation Firewall with PAN-OS 9.0', 'id': 'CCEVS-VR-VID11063', 'url': 'https://www.niap-ccevs.org/product/11063', 'certification_date': '2020-10-14', 'expiration_date': '2022-10-14', 'category': 'Firewall, Network Device, Virtual Private Network', 'vendor': 'Palo Alto Networks, Inc.', 'evaluation_facility': 'Leidos Common Criteria Testing Laboratory', 'scheme': 'US'}.
• 09.12.2024

  Changed

  The certificate data changed.

  Show diff

  Certificate changed

  The computed heuristics were updated.

  • The scheme_data property was set to None.
• 21.11.2024

  Changed

  The certificate data changed.

  Show diff

  Certificate changed

  The computed heuristics were updated.

  • The following values were inserted: {'prev_certificates': [], 'next_certificates': []}.
• 09.11.2024

  Changed

  The certificate data changed.

  Show diff

  Certificate changed

  The computed heuristics were updated.

  • The scheme_data property was updated, with the {'certification_date': '2020-10-14', 'expiration_date': '2022-10-14'} data.
• 17.10.2024

  Changed

  The certificate data changed.

  Show diff

  Certificate changed

  The Protection Profiles of the certificate were updated.

  • The following values were removed: {'_type': 'Set', 'elements': [{'_type': 'sec_certs.sample.protection_profile.ProtectionProfile', 'pp_name': 'PP-Module for Virtual Private Network (VPN) Gateways', 'pp_eal': None, 'pp_link': 'https://www.commoncriteriaportal.org/nfs/ccpfiles/files/ppfiles/MOD_VPNGW_V1.0.pdf', 'pp_ids': None}]}.
  • The following values were added: {'_type': 'Set', 'elements': [{'_type': 'sec_certs.sample.protection_profile.ProtectionProfile', 'pp_name': 'PP-Module for Virtual Private Network (VPN) Gateways', 'pp_eal': 'EAL1', 'pp_link': 'https://www.commoncriteriaportal.org/files/ppfiles/MOD_VPNGW_V1.0.pdf', 'pp_ids': None}]}.

  The Maintenance Updates of the certificate were updated.

  • The following values were removed: {'_type': 'Set', 'elements': [{'_type': 'sec_certs.sample.cc.CCCertificate.MaintenanceReport', 'maintenance_date': '2021-04-22', 'maintenance_title': 'Palo Alto Networks PA-220 Series, PA-800 Series, PA-3000 Series, PA-3200 Series, PA-5200 Series, PA-7000 Series, and VM Series Next-Generation Firewall with PAN-OS 9.1.8', 'maintenance_report_link': 'https://www.commoncriteriaportal.org/nfs/ccpfiles/files/epfiles/st_vid11063-add1.pdf', 'maintenance_st_link': None}]}.
  • The following values were added: {'_type': 'Set', 'elements': [{'_type': 'sec_certs.sample.cc.CCCertificate.MaintenanceReport', 'maintenance_date': '2021-04-22', 'maintenance_title': 'Palo Alto Networks PA-220 Series, PA-800 Series, PA-3000 Series, PA-3200 Series, PA-5200 Series, PA-7000 Series, and VM Series Next-Generation Firewall with PAN-OS 9.1.8', 'maintenance_report_link': 'https://www.commoncriteriaportal.org/nfs/ccpfiles/files/epfiles/st_vid11063-add1.pdf', 'maintenance_st_link': 'https://www.commoncriteriaportal.org/nfs/ccpfiles/files/epfiles/st_vid11063-st.pdf'}]}.
• 22.08.2024

  Changed

  The certificate data changed.

  Show diff

  Certificate changed

  The state of the certificate object was updated.

  • The report property was updated, with the {'download_ok': True, 'convert_ok': True, 'extract_ok': True, 'pdf_hash': '7663d558ab2c7f9c6965539e780099353ef8b54834d4203e3e993958f64f76cb', 'txt_hash': '52c74063ae89b7fec0380b9fb46189a30f5d695d7f77635ee20621cd5a1a4942'} data.
  • The st property was updated, with the {'download_ok': True, 'convert_ok': True, 'extract_ok': True, 'pdf_hash': '0b00bc736c2c1c3461fd6c0d672d6ff3c1a50d3bae374e5ab3146d2f04518543', 'txt_hash': 'f1d4a140fa832fb3a7009995464701273ca9b819ab118fb2bc11d58309660e96'} data.
  • The cert property was updated, with the {'download_ok': True, 'convert_garbage': True, 'convert_ok': True, 'extract_ok': True, 'pdf_hash': '2beae7bf5c19ad78adb0dcc46962e010d07eb77bce05fd62895332d89cee55db', 'txt_hash': 'd077489bfcd9ee914094fd03a23134da69875480e0f46ab3dfabd05422cfaf7f'} data.

  The PDF extraction data was updated.

  • The report_metadata property was set to {'pdf_file_size_bytes': 778696, 'pdf_is_encrypted': False, 'pdf_number_of_pages': 38, '/CreationDate': "D:20210517140421-04'00'", '/ModDate': "D:20210517140421-04'00'", 'pdf_hyperlinks': {'_type': 'Set', 'elements': []}}.
  • The st_metadata property was set to {'pdf_file_size_bytes': 1510267, 'pdf_is_encrypted': False, 'pdf_number_of_pages': 88, '/CreationDate': "D:20210412140143-04'00'", '/ModDate': "D:20210412140143-04'00'", 'pdf_hyperlinks': {'_type': 'Set', 'elements': ['https://www.niap-ccevs.org/Documents_and_Guidance/view_td.cfm?TD_ID=406', 'http://www.paloaltonetworks.com/', 'https://www.niap-ccevs.org/Documents_and_Guidance/view_td.cfm?TD=0511', 'https://www.nsa.gov/Portals/70/documents/resources/everyone/csfc/components-list/selections/vpn-gateways.pdf', 'https://www.niap-ccevs.org/Documents_and_Guidance/view_td.cfm?td_id=433', 'https://www.niap-ccevs.org/Documents_and_Guidance/view_td.cfm?TD_ID=407', 'https://www.niap-ccevs.org/Documents_and_Guidance/view_td.cfm?TD_ID=410', 'https://www.niap-ccevs.org/Documents_and_Guidance/view_td.cfm?TD=0480', 'https://www.paloaltonetworks.com/company/trademarks.html', 'https://www.niap-ccevs.org/Documents_and_Guidance/view_td.cfm?TD_ID=408', 'https://www.niap-ccevs.org/Documents_and_Guidance/view_td.cfm?TD_ID=411', 'https://www.niap-ccevs.org/Documents_and_Guidance/view_td.cfm?TD=0478', 'https://www.niap-ccevs.org/Documents_and_Guidance/view_td.cfm?td_id=409', 'https://www.niap-ccevs.org/Documents_and_Guidance/view_td.cfm?td_id=422', 'https://www.niap-ccevs.org/Documents_and_Guidance/view_td.cfm?TD_ID=418', 'https://www.niap-ccevs.org/Documents_and_Guidance/view_td.cfm?TD=0483', 'https://www.niap-ccevs.org/Documents_and_Guidance/view_td.cfm?TD=0520', 'https://www.niap-ccevs.org/Documents_and_Guidance/view_td.cfm?td_id=419', 'https://www.niap-ccevs.org/Documents_and_Guidance/view_td.cfm?td_id=420', 'https://www.niap-ccevs.org/Documents_and_Guidance/view_td.cfm?TD=0484', 'file:///C:/Users/beaverg/Desktop/CCTL%20Projects/Palo%20Alto%20Panorama/Received%20from%20Vendor/updates.paloaltonetworks.com', 'https://www.niap-ccevs.org/Documents_and_Guidance/view_td.cfm?TD=0450', 'https://www.niap-ccevs.org/Documents_and_Guidance/view_td.cfm?TD=0475', 'https://www.niap-ccevs.org/Documents_and_Guidance/view_td.cfm?TD_ID=412', 'https://www.niap-ccevs.org/Documents_and_Guidance/view_td.cfm?TD=0481', 'https://www.niap-ccevs.org/Documents_and_Guidance/view_td.cfm?TD_ID=405', 'https://www.niap-ccevs.org/Documents_and_Guidance/view_td.cfm?TD=0482', 'https://www.niap-ccevs.org/Documents_and_Guidance/view_td.cfm?TD_ID=417', 'https://www.niap-ccevs.org/Documents_and_Guidance/view_td.cfm?td_id=435', 'https://www.niap-ccevs.org/Documents_and_Guidance/view_td.cfm?td_id=434', 'https://www.niap-ccevs.org/Documents_and_Guidance/view_td.cfm?TD=0477']}}.
  • The cert_metadata property was set to {'pdf_file_size_bytes': 182814, 'pdf_is_encrypted': False, 'pdf_number_of_pages': 1, '/ModDate': "D:20201021133635-04'00'", '/CreationDate': "D:20201021133635-04'00'", '/Producer': 'iText 2.1.0 (by lowagie.com)', 'pdf_hyperlinks': {'_type': 'Set', 'elements': []}}.
  • The report_frontpage property was set to {'US': {'cert_id': 'CCEVS-VR-VID11063-2020', 'cert_item': 'for Palo Alto Networks PA-220 Series, PA-800 Series, PA-3000 Series, PA-3200 Series, PA-5200 Series, PA-7000 Series, and VM Series Next-Generation Firewall with PAN-OS 9.0', 'cert_lab': 'US NIAP'}}.
  • The report_keywords property was set to {'cc_cert_id': {'US': {'CCEVS-VR-VID11063-2020': 1}}, 'cc_protection_profile_id': {}, 'cc_security_level': {}, 'cc_sar': {}, 'cc_sfr': {}, 'cc_claims': {}, 'vendor': {'Microsoft': {'Microsoft': 2}}, 'eval_facility': {'Leidos': {'Leidos': 7}}, 'symmetric_crypto': {}, 'asymmetric_crypto': {}, 'pq_crypto': {}, 'hash_function': {}, 'crypto_scheme': {}, 'crypto_protocol': {'SSH': {'SSH': 14}, 'TLS': {'TLS': {'TLS': 10}}, 'IPsec': {'IPsec': 12}, 'VPN': {'VPN': 18}}, 'randomness': {}, 'cipher_mode': {}, 'ecc_curve': {}, 'crypto_engine': {}, 'tls_cipher_suite': {}, 'crypto_library': {}, 'vulnerability': {}, 'side_channel_analysis': {}, 'technical_report_id': {}, 'device_model': {}, 'tee_name': {}, 'os_name': {}, 'cplc_data': {}, 'ic_data_group': {}, 'standard_id': {}, 'javacard_version': {}, 'javacard_api_const': {}, 'javacard_packages': {}, 'certification_process': {'OutOfScope': {'out of scope': 4, 'by the security functional requirements: TLS, HTTPS, SSH, IKE/IPsec. The features below are out of scope. Table 2 Excluded Features Feature Description Telnet and HTTP Management Protocols Telnet and HTTP': 1, 'Policies The TLS and SSH decryption policies are not evaluated and therefore, these features are out of scope. Anti-Virus, Anti-Spyware, Anti-Malware Security Policies The Anti-Virus, Anti-Spyware': 1, 'security policies (i.e., profiles) are not evaluated and therefore, there features are out of scope. File Blocking, DLP, and URL Filtering Security Policies The File Blocking, DLP (Data Loss': 1, ' and URL Filtering security policies/profiles are not evaluated and therefore, these features are out of scope. API request over HTTP By default, the TOE supports API requests over HTTPS or HTTPS tunneled over': 1}}}.
  • The st_keywords property was set to {'cc_cert_id': {}, 'cc_protection_profile_id': {}, 'cc_security_level': {}, 'cc_sar': {'ADV': {'ADV_FSP.1': 1}, 'AGD': {'AGD_OPE': 1, 'AGD_PRE': 1}, 'ALC': {'ALC_CMC.1': 1, 'ALC_CMS.1': 1}, 'ATE': {'ATE_IND.1': 1}, 'AVA': {'AVA_VAN.1': 1}, 'ASE': {'ASE_INT': 1, 'ASE_CCL': 1, 'ASE_SPD': 1, 'ASE_OBJ': 1, 'ASE_ECD': 1, 'ASE_REQ': 1, 'ASE_TSS': 1}}, 'cc_sfr': {'FAU': {'FAU_GEN.1': 4, 'FAU_GEN': 2, 'FAU_STG_EXT': 1, 'FAU_GEN.1.1': 1, 'FAU_GEN.1.2': 1, 'FAU_GEN.2': 3, 'FAU_STG_EXT.1': 3, 'FAU_GEN.2.1': 1, 'FAU_STG_EXT.1.1': 1, 'FAU_STG_EXT.1.2': 1, 'FAU_STG_EXT.1.3': 1}, 'FCS': {'FCS_SSHS_EXT.1.5': 2, 'FCS_CKM.2': 7, 'FCS_TLSC_EXT.1.1': 2, 'FCS_CKM': 7, 'FCS_COP': 15, 'FCS_RBG_EXT': 1, 'FCS_SSHS_EXT': 1, 'FCS_TLSC_EXT': 1, 'FCS_TLSC_EXT.2': 7, 'FCS_TLSS_EXT': 2, 'FCS_CKM.1': 4, 'FCS_CKM.4': 3, 'FCS_RBG_EXT.1': 5, 'FCS_SSHS_EXT.1': 3, 'FCS_TLSC_EXT.1': 3, 'FCS_TLSS_EXT.1': 3, 'FCS_TLSS_EXT.2': 2, 'FCS_CKM.1.1': 1, 'FCS_CKM.2.1': 1, 'FCS_CKM.4.1': 1, 'FCS_COP.1': 4, 'FCS_RBG_EXT.1.1': 1, 'FCS_RBG_EXT.1.2': 1, 'FCS_SSHS_EXT.1.1': 2, 'FCS_SSHS_EXT.1.2': 1, 'FCS_SSHS_EXT.1.3': 1, 'FCS_SSHS_EXT.1.4': 1, 'FCS_SSHS_EXT.1.6': 1, 'FCS_SSHS_EXT.1.7': 1, 'FCS_SSHS_EXT.1.8': 2, 'FCS_TLSC_EXT.1.2': 1, 'FCS_TLSC_EXT.1.3': 1, 'FCS_TLSC_EXT.1.4': 1, 'FCS_TLSC_EXT.2.1': 2, 'FCS_TLSC_EXT.2.2': 2, 'FCS_TLSC_EXT.2.3': 2, 'FCS_TLSC_EXT.2.4': 2, 'FCS_TLSC_EXT.2.5': 2, 'FCS_TLSS_EXT.1.1': 1, 'FCS_TLSS_EXT.1.2': 1, 'FCS_TLSS_EXT.1.3': 1, 'FCS_TLSS_EXT.2.1': 1, 'FCS_TLSS_EXT.2.2': 1, 'FCS_TLSS_EXT.2.3': 1, 'FCS_TLSS_EXT.2.4': 1, 'FCS_TLSS_EXT.2.5': 1, 'FCS_TLSS_EXT.2.6': 1}, 'FDP': {'FDP_RIP': 1, 'FDP_RIP.2': 4}, 'FIA': {'FIA_AFL.1': 6, 'FIA_AFL': 1, 'FIA_PMG_EXT': 1, 'FIA_UIA_EXT': 1, 'FIA_UAU_EXT': 1, 'FIA_UAU': 1, 'FIA_PMG_EXT.1': 3, 'FIA_UIA_EXT.1': 5, 'FIA_UAU_EXT.2': 2, 'FIA_UAU.7': 3, 'FIA_AFL.1.1': 1, 'FIA_AFL.1.2': 1, 'FIA_PMG_EXT.1.1': 1, 'FIA_UIA_EXT.1.1': 1, 'FIA_UIA_EXT.1.2': 1, 'FIA_UAU_EXT.2.1': 1, 'FIA_UAU.7.1': 1}, 'FMT': {'FMT_MOF': 12, 'FMT_MTD': 8, 'FMT_SMF': 4, 'FMT_SMR': 1, 'FMT_SMF.1': 4, 'FMT_SMR.2': 3, 'FMT_MOF.1': 3, 'FMT_MTD.1': 3, 'FMT_SMF.1.1': 1, 'FMT_SMR.2.1': 1, 'FMT_SMR.2.2': 1, 'FMT_SMR.2.3': 1}, 'FPT': {'FPT_APW_EXT.1': 3, 'FPT_TUD_EXT.1': 3, 'FPT_ITC.1': 1, 'FPT_SKP_EXT': 2, 'FPT_APW_EXT': 2, 'FPT_FLS': 4, 'FPT_TST_EXT': 3, 'FPT_TUD_EXT': 2, 'FPT_STM_EXT': 2, 'FPT_SKP_EXT.1': 2, 'FPT_TST_EXT.1': 4, 'FPT_TST_EXT.3': 2, 'FPT_STM_EXT.1': 3, 'FPT_SKP_EXT.1.1': 1, 'FPT_APW_EXT.1.1': 1, 'FPT_APW_EXT.1.2': 1, 'FPT_FLS.1': 1, 'FPT_TST_EXT.1.1': 1, 'FPT_TST_EXT.3.1': 1, 'FPT_TST_EXT.3.2': 1, 'FPT_TUD_EXT.1.1': 1, 'FPT_TUD_EXT.1.2': 1, 'FPT_TUD_EXT.1.3': 2, 'FPT_STM_EXT.1.1': 1, 'FPT_STM_EXT.1.2': 1}, 'FTA': {'FTA_SSL_EXT.1': 4, 'FTA_SSL.3': 4, 'FTA_SSL_EXT': 1, 'FTA_SSL': 2, 'FTA_TAB': 1, 'FTA_SSL.4': 2, 'FTA_TAB.1': 4, 'FTA_SSL_EXT.1.1': 1, 'FTA_SSL.3.1': 1, 'FTA_SSL.4.1': 1, 'FTA_TAB.1.1': 1}, 'FTP': {'FTP_ITC': 3, 'FTP_TRP': 4, 'FTP_ITC.1': 4, 'FTP_ITC.1.1': 2, 'FTP_ITC.1.2': 2, 'FTP_ITC.1.3': 2, 'FTP_TRP.1': 3}}, 'cc_claims': {'A': {'A.PHYSICAL_PROTECTION': 1}, 'OE': {'OE.PHYSICAL': 1, 'OE.NO_GENERAL_PURPOSE': 1, 'OE.NO_THRU_TRAFFIC_PROTECTION': 1, 'OE.UPDATES': 1, 'OE.ADMIN_CREDENTIALS_SECURE': 1, 'OE.TRUSTED_ADMIN': 1, 'OE.RESIDUAL_INFORMATION': 1, 'OE.CONNECTIONS': 1}}, 'vendor': {'Broadcom': {'Broadcom': 3}, 'Microsoft': {'Microsoft': 4}}, 'eval_facility': {}, 'symmetric_crypto': {'AES_competition': {'AES': {'AES': 32, 'AES-256': 6, 'AES-': 1}}, 'DES': {'3DES': {'3DES': 1}}, 'constructions': {'MAC': {'HMAC': 11, 'HMAC-SHA-256': 8, 'HMAC-SHA-512': 6, 'HMAC-SHA-384': 4}}}, 'asymmetric_crypto': {'RSA': {'RSA 2048': 1, 'RSA-2048': 1}, 'ECC': {'ECDH': {'ECDH': 2, 'ECDHE': 6}, 'ECDSA': {'ECDSA': 20}, 'ECC': {'ECC': 7}}, 'FF': {'DH': {'DH': 28, 'Diffie-Hellman': 13, 'DHE': 4}, 'DSA': {'DSA': 2}}}, 'pq_crypto': {}, 'hash_function': {'SHA': {'SHA1': {'SHA-1': 6}, 'SHA2': {'SHA-256': 6, 'SHA-384': 6, 'SHA-512': 4, 'SHA256': 13}}}, 'crypto_scheme': {'MAC': {'MAC': 2}, 'KEX': {'Key Exchange': 2}}, 'crypto_protocol': {'SSH': {'SSH': 54}, 'TLS': {'SSL': {'SSL': 9, 'SSL 2.0': 4, 'SSL 3.0': 4}, 'TLS': {'TLS1.1': 1, 'TLS1.2': 2, 'TLS': 108, 'TLS 1.2': 7, 'TLSv1.2': 7, 'TLS 1.1': 4, 'TLS 1.0': 4, 'TLSv1.1': 2}}, 'IKE': {'IKE': 29, 'IKEv1': 14, 'IKEv2': 13}, 'IPsec': {'IPsec': 95}, 'VPN': {'VPN': 84}}, 'randomness': {'PRNG': {'DRBG': 14}, 'RNG': {'RBG': 3}}, 'cipher_mode': {'CBC': {'CBC': 11}, 'CTR': {'CTR': 7}, 'GCM': {'GCM': 14}, 'CCM': {'CCM': 5}}, 'ecc_curve': {'NIST': {'P-256': 18, 'P-384': 16, 'P-521': 12, 'secp256r1': 8, 'secp384r1': 8, 'secp521r1': 4}}, 'crypto_engine': {}, 'tls_cipher_suite': {'TLS': {'TLS_RSA_WITH_AES_128_CBC_SHA': 3, 'TLS_RSA_WITH_AES_256_CBC_SHA': 3, 'TLS_DHE_RSA_WITH_AES_128_CBC_SHA': 8, 'TLS_DHE_RSA_WITH_AES_256_CBC_SHA': 8, 'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA': 5, 'TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA': 5, 'TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA': 8, 'TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA': 8, 'TLS_RSA_WITH_AES_128_CBC_SHA256': 3, 'TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256': 5, 'TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384': 5, 'TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256': 8, 'TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384': 8, 'TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256': 5, 'TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384': 5, 'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256': 3, 'TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384': 3}}, 'crypto_library': {}, 'vulnerability': {}, 'side_channel_analysis': {}, 'technical_report_id': {}, 'device_model': {}, 'tee_name': {}, 'os_name': {}, 'cplc_data': {}, 'ic_data_group': {}, 'standard_id': {'FIPS': {'FIPS 186-4': 3, 'FIPS 140-2': 2, 'FIPS PUB 186-4': 15}, 'NIST': {'SP 800-90A': 2, 'NIST SP 800-56A': 2}, 'PKCS': {'PKCS #1': 2, 'PKCS#12': 2}, 'RFC': {'RFC 3526': 9, 'RFC 3447': 2, 'RFC 2818': 3, 'RFC 4253': 2, 'RFC 5246': 23, 'RFC 3268': 22, 'RFC 4492': 26, 'RFC 5289': 42, 'RFC 6125': 4, 'RFC 4346': 4, 'RFC 4301': 2, 'RFC 4303': 2, 'RFC 3602': 3, 'RFC 4106': 1, 'RFC 4109': 1, 'RFC 4304': 1, 'RFC 5996': 3, 'RFC 4868': 1, 'RFC 4945': 1, 'RFC 5280': 5, 'RFC 6960': 1, 'RFC 5759': 2, 'RFC 2986': 2, 'RFC 5735': 2, 'RFC 3513': 2, 'RFC 6598': 2, 'RFC 791': 2, 'RFC 2460': 2, 'RFC 793': 3, 'RFC 768': 2, 'RFC 35267': 1, 'RFC 3986': 1, 'RFC4945': 1, 'RFC2409': 1, 'RFC 792': 1, 'RFC 4443': 1, 'RFC 959': 1}, 'ISO': {'ISO/IEC 9796-2': 2, 'ISO/IEC 14888-3': 2, 'ISO/IEC 10118-': 1, 'ISO/IEC 18031:2011': 5}, 'X509': {'X.509': 8}}, 'javacard_version': {}, 'javacard_api_const': {}, 'javacard_packages': {}, 'certification_process': {'OutOfScope': {'out of scope': 7, 'malformed, fragmented packets. The protection from viruses, worm, and spyware using signatures are out of scope (i.e., not evaluated). DoS Protection – the firewall is designed to protect against flooding': 1, 'is secured with TLS using FIPS-approved algorithms. The threat prevention signatures themselves are out of scope (i.e., not evaluated). Management The next-generation firewall provides both direct and remote': 1, 'by the security functional requirements: TLS, HTTPS, SSH, IKE/IPsec. The features below are out of scope. Table 2 Excluded Features Feature Description Telnet and HTTP Management Protocols Telnet and HTTP': 1, 'Policies The TLS and SSH decryption policies are not evaluated and therefore, these features are out of scope. Anti-Virus, Anti-Spyware, Anti- Malware Security Policies The Anti-Virus, Anti-Spyware': 1, 'security policies (i.e., profiles) are not evaluated and therefore, there features are out of scope. File Blocking, DLP, and URL Filtering Security Policies The File Blocking, DLP (Data Loss': 1, ' and URL Filtering security policies/profiles are not evaluated and therefore, these features are out of scope. API request over HTTP By default, the TOE supports API requests over HTTPS or HTTPS tunneled over': 1, 'ISP links to ensure application performance and scale capacity. The SD-WAN capability is considered out of scope. PAN OS 9.1.8 Security Target Palo Alto Networks Page 23 of 84 Feature Description Include': 1}}}.
  • The cert_keywords property was set to {'cc_cert_id': {'US': {'CCEVS-VR-VID11063-2020': 1}}, 'cc_protection_profile_id': {}, 'cc_security_level': {}, 'cc_sar': {}, 'cc_sfr': {}, 'cc_claims': {}, 'vendor': {}, 'eval_facility': {'Leidos': {'Leidos': 1}}, 'symmetric_crypto': {}, 'asymmetric_crypto': {}, 'pq_crypto': {}, 'hash_function': {}, 'crypto_scheme': {}, 'crypto_protocol': {'VPN': {'VPN': 1}}, 'randomness': {}, 'cipher_mode': {}, 'ecc_curve': {}, 'crypto_engine': {}, 'tls_cipher_suite': {}, 'crypto_library': {}, 'vulnerability': {}, 'side_channel_analysis': {}, 'technical_report_id': {}, 'device_model': {}, 'tee_name': {}, 'os_name': {}, 'cplc_data': {}, 'ic_data_group': {}, 'standard_id': {}, 'javacard_version': {}, 'javacard_api_const': {}, 'javacard_packages': {}, 'certification_process': {}}.
  • The report_filename property was set to st_vid11063-vr.pdf.
  • The st_filename property was set to st_vid11063-st.pdf.
  • The cert_filename property was set to st_vid11063-ci.pdf.

  The computed heuristics were updated.

  • The cert_lab property was set to ['US'].
  • The cert_id property was set to CCEVS-VR-VID-11063-2020.
  • The extracted_sars property was set to {'_type': 'Set', 'elements': [{'_type': 'sec_certs.sample.sar.SAR', 'family': 'ADV_FSP', 'level': 1}, {'_type': 'sec_certs.sample.sar.SAR', 'family': 'ALC_CMC', 'level': 1}, {'_type': 'sec_certs.sample.sar.SAR', 'family': 'ALC_CMS', 'level': 1}, {'_type': 'sec_certs.sample.sar.SAR', 'family': 'AVA_VAN', 'level': 1}, {'_type': 'sec_certs.sample.sar.SAR', 'family': 'ATE_IND', 'level': 1}]}.
• 17.08.2024

  Changed

  The certificate data changed.

  Show diff

  Certificate changed

  The report_link was updated.

  • The new value is https://www.commoncriteriaportal.org/nfs/ccpfiles/files/epfiles/st_vid11063-vr.pdf.

  The st_link was updated.

  • The new value is https://www.commoncriteriaportal.org/nfs/ccpfiles/files/epfiles/st_vid11063-st.pdf.

  The state of the certificate object was updated.

  • The report property was updated, with the {'download_ok': False, 'convert_ok': False, 'extract_ok': False, 'pdf_hash': None, 'txt_hash': None} data.
  • The st property was updated, with the {'download_ok': False, 'convert_ok': False, 'extract_ok': False, 'pdf_hash': None, 'txt_hash': None} data.
  • The cert property was updated, with the {'download_ok': False, 'convert_garbage': False, 'convert_ok': False, 'extract_ok': False, 'pdf_hash': None, 'txt_hash': None} data.

  The PDF extraction data was updated.

  • The report_metadata property was set to None.
  • The st_metadata property was set to None.
  • The cert_metadata property was set to None.
  • The report_frontpage property was set to None.
  • The report_keywords property was set to None.
  • The st_keywords property was set to None.
  • The cert_keywords property was set to None.
  • The report_filename property was set to None.
  • The st_filename property was set to None.
  • The cert_filename property was set to None.

  The computed heuristics were updated.

  • The cert_lab property was set to None.
  • The cert_id property was set to None.
  • The extracted_sars property was set to None.
• 23.07.2024

  New

  The certificate was first processed.

  Show diff

  New certificate

  A new Common Criteria certificate with the product name Palo Alto Networks PA-220 Series, PA-800 Series, PA-3000 Series, PA-3200 Series, PA-5200 Series, PA-7000 Series, and VM Series Next-Generation Firewall with PAN-OS 9.0 was processed.

Raw data

{
  "_type": "sec_certs.sample.cc.CCCertificate",
  "category": "Network and Network-Related Devices and Systems",
  "cert_link": "https://www.commoncriteriaportal.org/nfs/ccpfiles/files/epfiles/st_vid11063-ci.pdf",
  "dgst": "d0bdbe099855466b",
  "heuristics": {
    "_type": "sec_certs.sample.cc.CCCertificate.Heuristics",
    "annotated_references": null,
    "cert_id": "CCEVS-VR-VID-11063-2020",
    "cert_lab": [
      "US"
    ],
    "cpe_matches": null,
    "direct_transitive_cves": null,
    "eal": "EAL1",
    "extracted_sars": {
      "_type": "Set",
      "elements": [
        {
          "_type": "sec_certs.sample.sar.SAR",
          "family": "ALC_CMC",
          "level": 1
        },
        {
          "_type": "sec_certs.sample.sar.SAR",
          "family": "ALC_CMS",
          "level": 1
        },
        {
          "_type": "sec_certs.sample.sar.SAR",
          "family": "ADV_FSP",
          "level": 1
        },
        {
          "_type": "sec_certs.sample.sar.SAR",
          "family": "ATE_IND",
          "level": 1
        },
        {
          "_type": "sec_certs.sample.sar.SAR",
          "family": "AVA_VAN",
          "level": 1
        }
      ]
    },
    "extracted_versions": {
      "_type": "Set",
      "elements": [
        "9.0"
      ]
    },
    "indirect_transitive_cves": null,
    "next_certificates": null,
    "prev_certificates": null,
    "protection_profiles": {
      "_type": "Set",
      "elements": [
        "cf18fa171ef6e928",
        "fa0610a54305df78"
      ]
    },
    "related_cves": null,
    "report_references": {
      "_type": "sec_certs.sample.certificate.References",
      "directly_referenced_by": null,
      "directly_referencing": null,
      "indirectly_referenced_by": null,
      "indirectly_referencing": null
    },
    "scheme_data": null,
    "st_references": {
      "_type": "sec_certs.sample.certificate.References",
      "directly_referenced_by": null,
      "directly_referencing": null,
      "indirectly_referenced_by": null,
      "indirectly_referencing": null
    },
    "verified_cpe_matches": null
  },
  "maintenance_updates": {
    "_type": "Set",
    "elements": [
      {
        "_type": "sec_certs.sample.cc.CCCertificate.MaintenanceReport",
        "maintenance_date": "2021-06-30",
        "maintenance_report_link": "https://www.commoncriteriaportal.org/nfs/ccpfiles/files/epfiles/st_vid11063-add2.pdf",
        "maintenance_st_link": "https://www.commoncriteriaportal.org/nfs/ccpfiles/files/epfiles/st_vid11063-st-2.pdf",
        "maintenance_title": "Palo Alto Networks PA-220 Series, PA-800 Series, PA-3200 Series, PA-5200 Series, PA-7000 Series, and VM Series Next-Generation Firewall with PAN-OS 10.0.5"
      },
      {
        "_type": "sec_certs.sample.cc.CCCertificate.MaintenanceReport",
        "maintenance_date": "2021-04-22",
        "maintenance_report_link": "https://www.commoncriteriaportal.org/nfs/ccpfiles/files/epfiles/st_vid11063-add1.pdf",
        "maintenance_st_link": "https://www.commoncriteriaportal.org/nfs/ccpfiles/files/epfiles/st_vid11063-st.pdf",
        "maintenance_title": "Palo Alto Networks PA-220 Series, PA-800 Series, PA-3000 Series, PA-3200 Series, PA-5200 Series, PA-7000 Series, and VM Series Next-Generation Firewall with PAN-OS 9.1.8"
      }
    ]
  },
  "manufacturer": "Palo Alto Networks, Inc.",
  "manufacturer_web": "https://www.paloaltonetworks.com/",
  "name": "Palo Alto Networks PA-220 Series, PA-800 Series, PA-3000 Series, PA-3200 Series, PA-5200 Series, PA-7000 Series, and VM Series Next-Generation Firewall with PAN-OS 9.0",
  "not_valid_after": "2022-10-14",
  "not_valid_before": "2020-10-14",
  "pdf_data": {
    "_type": "sec_certs.sample.cc.CCCertificate.PdfData",
    "cert_filename": "st_vid11063-ci.pdf",
    "cert_frontpage": null,
    "cert_keywords": {
      "asymmetric_crypto": {},
      "cc_cert_id": {
        "US": {
          "CCEVS-VR-VID11063-2020": 1
        }
      },
      "cc_claims": {},
      "cc_protection_profile_id": {},
      "cc_sar": {},
      "cc_security_level": {},
      "cc_sfr": {},
      "certification_process": {},
      "cipher_mode": {},
      "cplc_data": {},
      "crypto_engine": {},
      "crypto_library": {},
      "crypto_protocol": {
        "VPN": {
          "VPN": 1
        }
      },
      "crypto_scheme": {},
      "device_model": {},
      "ecc_curve": {},
      "eval_facility": {
        "Leidos": {
          "Leidos": 1
        }
      },
      "hash_function": {},
      "ic_data_group": {},
      "javacard_api_const": {},
      "javacard_packages": {},
      "javacard_version": {},
      "os_name": {},
      "pq_crypto": {},
      "randomness": {},
      "side_channel_analysis": {},
      "standard_id": {},
      "symmetric_crypto": {},
      "technical_report_id": {},
      "tee_name": {},
      "tls_cipher_suite": {},
      "vendor": {},
      "vulnerability": {}
    },
    "cert_metadata": {
      "/CreationDate": "D:20201021133635-04\u002700\u0027",
      "/ModDate": "D:20201021133635-04\u002700\u0027",
      "/Producer": "iText 2.1.0 (by lowagie.com)",
      "pdf_file_size_bytes": 182814,
      "pdf_hyperlinks": {
        "_type": "Set",
        "elements": []
      },
      "pdf_is_encrypted": false,
      "pdf_number_of_pages": 1
    },
    "report_filename": "st_vid11063-vr.pdf",
    "report_frontpage": {
      "US": {
        "cert_id": "CCEVS-VR-VID11063-2020",
        "cert_item": "for Palo Alto Networks PA-220 Series, PA-800 Series, PA-3000 Series, PA-3200 Series, PA-5200 Series, PA-7000 Series, and VM Series Next-Generation Firewall with PAN-OS 9.0",
        "cert_lab": "US NIAP"
      }
    },
    "report_keywords": {
      "asymmetric_crypto": {},
      "cc_cert_id": {
        "US": {
          "CCEVS-VR-VID11063-2020": 1
        }
      },
      "cc_claims": {},
      "cc_protection_profile_id": {},
      "cc_sar": {},
      "cc_security_level": {},
      "cc_sfr": {},
      "certification_process": {
        "OutOfScope": {
          " and URL Filtering security policies/profiles are not evaluated and therefore, these features are out of scope. API request over HTTP By default, the TOE supports API requests over HTTPS or HTTPS tunneled over": 1,
          "Policies The TLS and SSH decryption policies are not evaluated and therefore, these features are out of scope. Anti-Virus, Anti-Spyware, Anti-Malware Security Policies The Anti-Virus, Anti-Spyware": 1,
          "by the security functional requirements: TLS, HTTPS, SSH, IKE/IPsec. The features below are out of scope. Table 2 Excluded Features Feature Description Telnet and HTTP Management Protocols Telnet and HTTP": 1,
          "out of scope": 4,
          "security policies (i.e., profiles) are not evaluated and therefore, there features are out of scope. File Blocking, DLP, and URL Filtering Security Policies The File Blocking, DLP (Data Loss": 1
        }
      },
      "cipher_mode": {},
      "cplc_data": {},
      "crypto_engine": {},
      "crypto_library": {},
      "crypto_protocol": {
        "IPsec": {
          "IPsec": 12
        },
        "SSH": {
          "SSH": 14,
          "SSHv2": 3
        },
        "TLS": {
          "TLS": {
            "TLS": 10
          }
        },
        "VPN": {
          "VPN": 18
        }
      },
      "crypto_scheme": {},
      "device_model": {},
      "ecc_curve": {},
      "eval_facility": {
        "Leidos": {
          "Leidos": 7
        }
      },
      "hash_function": {},
      "ic_data_group": {},
      "javacard_api_const": {},
      "javacard_packages": {},
      "javacard_version": {},
      "os_name": {},
      "pq_crypto": {},
      "randomness": {},
      "side_channel_analysis": {},
      "standard_id": {},
      "symmetric_crypto": {},
      "technical_report_id": {},
      "tee_name": {},
      "tls_cipher_suite": {},
      "vendor": {
        "Microsoft": {
          "Microsoft": 2
        }
      },
      "vulnerability": {}
    },
    "report_metadata": {
      "/CreationDate": "D:20210517140421-04\u002700\u0027",
      "/ModDate": "D:20210517140421-04\u002700\u0027",
      "pdf_file_size_bytes": 778696,
      "pdf_hyperlinks": {
        "_type": "Set",
        "elements": []
      },
      "pdf_is_encrypted": false,
      "pdf_number_of_pages": 38
    },
    "st_filename": "st_vid11063-st.pdf",
    "st_frontpage": null,
    "st_keywords": {
      "asymmetric_crypto": {
        "ECC": {
          "ECC": {
            "ECC": 7
          },
          "ECDH": {
            "ECDH": 2,
            "ECDHE": 6
          },
          "ECDSA": {
            "ECDSA": 20
          }
        },
        "FF": {
          "DH": {
            "DH": 28,
            "DHE": 4,
            "Diffie-Hellman": 13
          },
          "DSA": {
            "DSA": 2
          }
        },
        "RSA": {
          "RSA 2048": 1,
          "RSA-2048": 1
        }
      },
      "cc_cert_id": {},
      "cc_claims": {
        "A": {
          "A.PHYSICAL_PROTECTION": 1
        },
        "OE": {
          "OE.ADMIN_CREDENTIALS_SECURE": 1,
          "OE.CONNECTIONS": 1,
          "OE.NO_GENERAL_PURPOSE": 1,
          "OE.NO_THRU_TRAFFIC_PROTECTION": 1,
          "OE.PHYSICAL": 1,
          "OE.RESIDUAL_INFORMATION": 1,
          "OE.TRUSTED_ADMIN": 1,
          "OE.UPDATES": 1
        }
      },
      "cc_protection_profile_id": {},
      "cc_sar": {
        "ADV": {
          "ADV_FSP.1": 1
        },
        "AGD": {
          "AGD_OPE": 1,
          "AGD_PRE": 1
        },
        "ALC": {
          "ALC_CMC.1": 1,
          "ALC_CMS.1": 1
        },
        "ASE": {
          "ASE_CCL": 1,
          "ASE_ECD": 1,
          "ASE_INT": 1,
          "ASE_OBJ": 1,
          "ASE_REQ": 1,
          "ASE_SPD": 1,
          "ASE_TSS": 1
        },
        "ATE": {
          "ATE_IND.1": 1
        },
        "AVA": {
          "AVA_VAN.1": 1
        }
      },
      "cc_security_level": {},
      "cc_sfr": {
        "FAU": {
          "FAU_GEN": 2,
          "FAU_GEN.1": 4,
          "FAU_GEN.1.1": 1,
          "FAU_GEN.1.2": 1,
          "FAU_GEN.2": 3,
          "FAU_GEN.2.1": 1,
          "FAU_STG_EXT": 1,
          "FAU_STG_EXT.1": 3,
          "FAU_STG_EXT.1.1": 1,
          "FAU_STG_EXT.1.2": 1,
          "FAU_STG_EXT.1.3": 1
        },
        "FCS": {
          "FCS_CKM": 7,
          "FCS_CKM.1": 4,
          "FCS_CKM.1.1": 1,
          "FCS_CKM.2": 7,
          "FCS_CKM.2.1": 1,
          "FCS_CKM.4": 3,
          "FCS_CKM.4.1": 1,
          "FCS_COP": 15,
          "FCS_COP.1": 4,
          "FCS_RBG_EXT": 1,
          "FCS_RBG_EXT.1": 5,
          "FCS_RBG_EXT.1.1": 1,
          "FCS_RBG_EXT.1.2": 1,
          "FCS_SSHS_EXT": 1,
          "FCS_SSHS_EXT.1": 3,
          "FCS_SSHS_EXT.1.1": 2,
          "FCS_SSHS_EXT.1.2": 1,
          "FCS_SSHS_EXT.1.3": 1,
          "FCS_SSHS_EXT.1.4": 1,
          "FCS_SSHS_EXT.1.5": 2,
          "FCS_SSHS_EXT.1.6": 1,
          "FCS_SSHS_EXT.1.7": 1,
          "FCS_SSHS_EXT.1.8": 2,
          "FCS_TLSC_EXT": 1,
          "FCS_TLSC_EXT.1": 3,
          "FCS_TLSC_EXT.1.1": 2,
          "FCS_TLSC_EXT.1.2": 1,
          "FCS_TLSC_EXT.1.3": 1,
          "FCS_TLSC_EXT.1.4": 1,
          "FCS_TLSC_EXT.2": 7,
          "FCS_TLSC_EXT.2.1": 2,
          "FCS_TLSC_EXT.2.2": 2,
          "FCS_TLSC_EXT.2.3": 2,
          "FCS_TLSC_EXT.2.4": 2,
          "FCS_TLSC_EXT.2.5": 2,
          "FCS_TLSS_EXT": 2,
          "FCS_TLSS_EXT.1": 3,
          "FCS_TLSS_EXT.1.1": 1,
          "FCS_TLSS_EXT.1.2": 1,
          "FCS_TLSS_EXT.1.3": 1,
          "FCS_TLSS_EXT.2": 2,
          "FCS_TLSS_EXT.2.1": 1,
          "FCS_TLSS_EXT.2.2": 1,
          "FCS_TLSS_EXT.2.3": 1,
          "FCS_TLSS_EXT.2.4": 1,
          "FCS_TLSS_EXT.2.5": 1,
          "FCS_TLSS_EXT.2.6": 1
        },
        "FDP": {
          "FDP_RIP": 1,
          "FDP_RIP.2": 4
        },
        "FIA": {
          "FIA_AFL": 1,
          "FIA_AFL.1": 6,
          "FIA_AFL.1.1": 1,
          "FIA_AFL.1.2": 1,
          "FIA_PMG_EXT": 1,
          "FIA_PMG_EXT.1": 3,
          "FIA_PMG_EXT.1.1": 1,
          "FIA_UAU": 1,
          "FIA_UAU.7": 3,
          "FIA_UAU.7.1": 1,
          "FIA_UAU_EXT": 1,
          "FIA_UAU_EXT.2": 2,
          "FIA_UAU_EXT.2.1": 1,
          "FIA_UIA_EXT": 1,
          "FIA_UIA_EXT.1": 5,
          "FIA_UIA_EXT.1.1": 1,
          "FIA_UIA_EXT.1.2": 1
        },
        "FMT": {
          "FMT_MOF": 12,
          "FMT_MOF.1": 3,
          "FMT_MTD": 8,
          "FMT_MTD.1": 3,
          "FMT_SMF": 4,
          "FMT_SMF.1": 4,
          "FMT_SMF.1.1": 1,
          "FMT_SMR": 1,
          "FMT_SMR.2": 3,
          "FMT_SMR.2.1": 1,
          "FMT_SMR.2.2": 1,
          "FMT_SMR.2.3": 1
        },
        "FPT": {
          "FPT_APW_EXT": 2,
          "FPT_APW_EXT.1": 3,
          "FPT_APW_EXT.1.1": 1,
          "FPT_APW_EXT.1.2": 1,
          "FPT_FLS": 4,
          "FPT_FLS.1": 1,
          "FPT_ITC.1": 1,
          "FPT_SKP_EXT": 2,
          "FPT_SKP_EXT.1": 2,
          "FPT_SKP_EXT.1.1": 1,
          "FPT_STM_EXT": 2,
          "FPT_STM_EXT.1": 3,
          "FPT_STM_EXT.1.1": 1,
          "FPT_STM_EXT.1.2": 1,
          "FPT_TST_EXT": 3,
          "FPT_TST_EXT.1": 4,
          "FPT_TST_EXT.1.1": 1,
          "FPT_TST_EXT.3": 2,
          "FPT_TST_EXT.3.1": 1,
          "FPT_TST_EXT.3.2": 1,
          "FPT_TUD_EXT": 2,
          "FPT_TUD_EXT.1": 3,
          "FPT_TUD_EXT.1.1": 1,
          "FPT_TUD_EXT.1.2": 1,
          "FPT_TUD_EXT.1.3": 2
        },
        "FTA": {
          "FTA_SSL": 2,
          "FTA_SSL.3": 4,
          "FTA_SSL.3.1": 1,
          "FTA_SSL.4": 2,
          "FTA_SSL.4.1": 1,
          "FTA_SSL_EXT": 1,
          "FTA_SSL_EXT.1": 4,
          "FTA_SSL_EXT.1.1": 1,
          "FTA_TAB": 1,
          "FTA_TAB.1": 4,
          "FTA_TAB.1.1": 1
        },
        "FTP": {
          "FTP_ITC": 3,
          "FTP_ITC.1": 4,
          "FTP_ITC.1.1": 2,
          "FTP_ITC.1.2": 2,
          "FTP_ITC.1.3": 2,
          "FTP_TRP": 4,
          "FTP_TRP.1": 3
        }
      },
      "certification_process": {
        "OutOfScope": {
          " and URL Filtering security policies/profiles are not evaluated and therefore, these features are out of scope. API request over HTTP By default, the TOE supports API requests over HTTPS or HTTPS tunneled over": 1,
          "ISP links to ensure application performance and scale capacity. The SD-WAN capability is considered out of scope. PAN OS 9.1.8 Security Target Palo Alto Networks Page 23 of 84 Feature Description Include": 1,
          "Policies The TLS and SSH decryption policies are not evaluated and therefore, these features are out of scope. Anti-Virus, Anti-Spyware, Anti- Malware Security Policies The Anti-Virus, Anti-Spyware": 1,
          "by the security functional requirements: TLS, HTTPS, SSH, IKE/IPsec. The features below are out of scope. Table 2 Excluded Features Feature Description Telnet and HTTP Management Protocols Telnet and HTTP": 1,
          "is secured with TLS using FIPS-approved algorithms. The threat prevention signatures themselves are out of scope (i.e., not evaluated). Management The next-generation firewall provides both direct and remote": 1,
          "malformed, fragmented packets. The protection from viruses, worm, and spyware using signatures are out of scope (i.e., not evaluated).  DoS Protection \u2013 the firewall is designed to protect against flooding": 1,
          "out of scope": 7,
          "security policies (i.e., profiles) are not evaluated and therefore, there features are out of scope. File Blocking, DLP, and URL Filtering Security Policies The File Blocking, DLP (Data Loss": 1
        }
      },
      "cipher_mode": {
        "CBC": {
          "CBC": 11
        },
        "CCM": {
          "CCM": 5
        },
        "CTR": {
          "CTR": 7
        },
        "GCM": {
          "GCM": 14
        }
      },
      "cplc_data": {},
      "crypto_engine": {},
      "crypto_library": {},
      "crypto_protocol": {
        "IKE": {
          "IKE": 29,
          "IKEv1": 14,
          "IKEv2": 13
        },
        "IPsec": {
          "IPsec": 95
        },
        "SSH": {
          "SSH": 54,
          "SSHv2": 7
        },
        "TLS": {
          "SSL": {
            "SSL": 9,
            "SSL 2.0": 4,
            "SSL 3.0": 4
          },
          "TLS": {
            "TLS": 108,
            "TLS 1.0": 4,
            "TLS 1.1": 4,
            "TLS 1.2": 7,
            "TLS1.1": 1,
            "TLS1.2": 2,
            "TLSv1.1": 2,
            "TLSv1.2": 7
          }
        },
        "VPN": {
          "VPN": 84
        }
      },
      "crypto_scheme": {
        "KEX": {
          "Key Exchange": 2
        },
        "MAC": {
          "MAC": 2
        }
      },
      "device_model": {},
      "ecc_curve": {
        "NIST": {
          "P-256": 18,
          "P-384": 16,
          "P-521": 12,
          "secp256r1": 8,
          "secp384r1": 8,
          "secp521r1": 4
        }
      },
      "eval_facility": {},
      "hash_function": {
        "SHA": {
          "SHA1": {
            "SHA-1": 6
          },
          "SHA2": {
            "SHA-256": 6,
            "SHA-384": 6,
            "SHA-512": 4,
            "SHA256": 13
          }
        }
      },
      "ic_data_group": {},
      "javacard_api_const": {},
      "javacard_packages": {},
      "javacard_version": {},
      "os_name": {},
      "pq_crypto": {},
      "randomness": {
        "PRNG": {
          "DRBG": 14
        },
        "RNG": {
          "RBG": 3
        }
      },
      "side_channel_analysis": {},
      "standard_id": {
        "FIPS": {
          "FIPS 140-2": 2,
          "FIPS 186-4": 3,
          "FIPS PUB 186-4": 15
        },
        "ISO": {
          "ISO/IEC 10118-": 1,
          "ISO/IEC 14888-3": 2,
          "ISO/IEC 18031:2011": 5,
          "ISO/IEC 9796-2": 2
        },
        "NIST": {
          "NIST SP 800-56A": 2,
          "SP 800-90A": 2
        },
        "PKCS": {
          "PKCS #1": 2,
          "PKCS#12": 2
        },
        "RFC": {
          "RFC 2460": 2,
          "RFC 2818": 3,
          "RFC 2986": 2,
          "RFC 3268": 22,
          "RFC 3447": 2,
          "RFC 3513": 2,
          "RFC 3526": 9,
          "RFC 35267": 1,
          "RFC 3602": 3,
          "RFC 3986": 1,
          "RFC 4106": 1,
          "RFC 4109": 1,
          "RFC 4253": 2,
          "RFC 4301": 2,
          "RFC 4303": 2,
          "RFC 4304": 1,
          "RFC 4346": 4,
          "RFC 4443": 1,
          "RFC 4492": 26,
          "RFC 4868": 1,
          "RFC 4945": 1,
          "RFC 5246": 23,
          "RFC 5280": 5,
          "RFC 5289": 42,
          "RFC 5735": 2,
          "RFC 5759": 2,
          "RFC 5996": 3,
          "RFC 6125": 4,
          "RFC 6598": 2,
          "RFC 6960": 1,
          "RFC 768": 2,
          "RFC 791": 2,
          "RFC 792": 1,
          "RFC 793": 3,
          "RFC 959": 1,
          "RFC2409": 1,
          "RFC4945": 1
        },
        "X509": {
          "X.509": 8
        }
      },
      "symmetric_crypto": {
        "AES_competition": {
          "AES": {
            "AES": 32,
            "AES-": 1,
            "AES-256": 6
          }
        },
        "DES": {
          "3DES": {
            "3DES": 1
          }
        },
        "constructions": {
          "MAC": {
            "HMAC": 11,
            "HMAC-SHA-256": 8,
            "HMAC-SHA-384": 4,
            "HMAC-SHA-512": 6
          }
        }
      },
      "technical_report_id": {},
      "tee_name": {},
      "tls_cipher_suite": {
        "TLS": {
          "TLS_DHE_RSA_WITH_AES_128_CBC_SHA": 8,
          "TLS_DHE_RSA_WITH_AES_256_CBC_SHA": 8,
          "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA": 8,
          "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256": 5,
          "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256": 8,
          "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA": 8,
          "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384": 5,
          "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384": 8,
          "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA": 5,
          "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256": 3,
          "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256": 5,
          "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA": 5,
          "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384": 3,
          "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384": 5,
          "TLS_RSA_WITH_AES_128_CBC_SHA": 3,
          "TLS_RSA_WITH_AES_128_CBC_SHA256": 3,
          "TLS_RSA_WITH_AES_256_CBC_SHA": 3
        }
      },
      "vendor": {
        "Broadcom": {
          "Broadcom": 3
        },
        "Microsoft": {
          "Microsoft": 4
        }
      },
      "vulnerability": {}
    },
    "st_metadata": {
      "/CreationDate": "D:20210412140143-04\u002700\u0027",
      "/ModDate": "D:20210412140143-04\u002700\u0027",
      "pdf_file_size_bytes": 1510267,
      "pdf_hyperlinks": {
        "_type": "Set",
        "elements": [
          "https://www.niap-ccevs.org/Documents_and_Guidance/view_td.cfm?TD_ID=417",
          "https://www.niap-ccevs.org/Documents_and_Guidance/view_td.cfm?td_id=419",
          "https://www.niap-ccevs.org/Documents_and_Guidance/view_td.cfm?TD_ID=418",
          "https://www.niap-ccevs.org/Documents_and_Guidance/view_td.cfm?TD_ID=406",
          "https://www.niap-ccevs.org/Documents_and_Guidance/view_td.cfm?TD_ID=411",
          "https://www.niap-ccevs.org/Documents_and_Guidance/view_td.cfm?td_id=433",
          "https://www.niap-ccevs.org/Documents_and_Guidance/view_td.cfm?TD=0450",
          "https://www.niap-ccevs.org/Documents_and_Guidance/view_td.cfm?TD=0478",
          "https://www.niap-ccevs.org/Documents_and_Guidance/view_td.cfm?TD=0484",
          "https://www.niap-ccevs.org/Documents_and_Guidance/view_td.cfm?TD_ID=412",
          "https://www.niap-ccevs.org/Documents_and_Guidance/view_td.cfm?TD=0481",
          "file:///C:/Users/beaverg/Desktop/CCTL%20Projects/Palo%20Alto%20Panorama/Received%20from%20Vendor/updates.paloaltonetworks.com",
          "https://www.paloaltonetworks.com/company/trademarks.html",
          "https://www.niap-ccevs.org/Documents_and_Guidance/view_td.cfm?TD=0477",
          "https://www.niap-ccevs.org/Documents_and_Guidance/view_td.cfm?TD=0511",
          "https://www.niap-ccevs.org/Documents_and_Guidance/view_td.cfm?TD=0475",
          "https://www.nsa.gov/Portals/70/documents/resources/everyone/csfc/components-list/selections/vpn-gateways.pdf",
          "https://www.niap-ccevs.org/Documents_and_Guidance/view_td.cfm?td_id=434",
          "https://www.niap-ccevs.org/Documents_and_Guidance/view_td.cfm?TD=0483",
          "https://www.niap-ccevs.org/Documents_and_Guidance/view_td.cfm?td_id=420",
          "https://www.niap-ccevs.org/Documents_and_Guidance/view_td.cfm?TD_ID=405",
          "https://www.niap-ccevs.org/Documents_and_Guidance/view_td.cfm?td_id=435",
          "http://www.paloaltonetworks.com/",
          "https://www.niap-ccevs.org/Documents_and_Guidance/view_td.cfm?td_id=422",
          "https://www.niap-ccevs.org/Documents_and_Guidance/view_td.cfm?TD=0482",
          "https://www.niap-ccevs.org/Documents_and_Guidance/view_td.cfm?TD_ID=408",
          "https://www.niap-ccevs.org/Documents_and_Guidance/view_td.cfm?TD_ID=410",
          "https://www.niap-ccevs.org/Documents_and_Guidance/view_td.cfm?TD=0520",
          "https://www.niap-ccevs.org/Documents_and_Guidance/view_td.cfm?TD_ID=407",
          "https://www.niap-ccevs.org/Documents_and_Guidance/view_td.cfm?td_id=409",
          "https://www.niap-ccevs.org/Documents_and_Guidance/view_td.cfm?TD=0480"
        ]
      },
      "pdf_is_encrypted": false,
      "pdf_number_of_pages": 88
    }
  },
  "protection_profile_links": {
    "_type": "Set",
    "elements": [
      "https://www.commoncriteriaportal.org/nfs/ccpfiles/files/ppfiles/MOD_CPP_FW_v1.3.pdf",
      "https://www.commoncriteriaportal.org/nfs/ccpfiles/files/ppfiles/CPP_ND_V2.1.pdf",
      "https://www.commoncriteriaportal.org/nfs/ccpfiles/files/ppfiles/MOD_VPNGW_V1.0.pdf"
    ]
  },
  "report_link": "https://www.commoncriteriaportal.org/nfs/ccpfiles/files/epfiles/st_vid11063-vr.pdf",
  "scheme": "US",
  "security_level": {
    "_type": "Set",
    "elements": []
  },
  "st_link": "https://www.commoncriteriaportal.org/nfs/ccpfiles/files/epfiles/st_vid11063-st.pdf",
  "state": {
    "_type": "sec_certs.sample.cc.CCCertificate.InternalState",
    "cert": {
      "_type": "sec_certs.sample.document_state.DocumentState",
      "convert_garbage": true,
      "convert_ok": true,
      "download_ok": true,
      "extract_ok": true,
      "pdf_hash": "2beae7bf5c19ad78adb0dcc46962e010d07eb77bce05fd62895332d89cee55db",
      "txt_hash": "d077489bfcd9ee914094fd03a23134da69875480e0f46ab3dfabd05422cfaf7f"
    },
    "report": {
      "_type": "sec_certs.sample.document_state.DocumentState",
      "convert_garbage": false,
      "convert_ok": true,
      "download_ok": true,
      "extract_ok": true,
      "pdf_hash": "7663d558ab2c7f9c6965539e780099353ef8b54834d4203e3e993958f64f76cb",
      "txt_hash": "52c74063ae89b7fec0380b9fb46189a30f5d695d7f77635ee20621cd5a1a4942"
    },
    "st": {
      "_type": "sec_certs.sample.document_state.DocumentState",
      "convert_garbage": false,
      "convert_ok": true,
      "download_ok": true,
      "extract_ok": true,
      "pdf_hash": "0b00bc736c2c1c3461fd6c0d672d6ff3c1a50d3bae374e5ab3146d2f04518543",
      "txt_hash": "f1d4a140fa832fb3a7009995464701273ca9b819ab118fb2bc11d58309660e96"
    }
  },
  "status": "archived"
}