PP-Configuration for Network Device and Stateful Traffic Filter Firewalls
Version 1.4 +Errata20200625
25 June 2020
PP-Configuration for
Network Device and Stateful Traffic Filter
Firewalls
PP-Configuration for Network Device and Stateful Traffic Filter Firewalls
V1.4 +Errata 20200625, 25 June 2020 Page 2 of 7
Acknowledgements
This PP-Configuration was developed by the Network Device international Technical
Community with representatives from industry, Government agencies, Common Criteria Test
Laboratories, and members of academia.
PP-Configuration for Network Device and Stateful Traffic Filter Firewalls
V1.4 +Errata 20200625, 25 June 2020 Page 3 of 7
0. Preface
1.1 Related Documents
Common Criteria1
[CC1] Common Criteria for Information Technology Security Evaluation,
Part 1: Introduction and General Model,
CCMB-2017-04-001, Version 3.1 Revision 5, April 2017.
[CC2] Common Criteria for Information Technology Security Evaluation,
Part 2: Security Functional Components,
CCMB-2017-04-002, Version 3.1 Revision 5, April 2017.
[CC3] Common Criteria for Information Technology Security Evaluation,
Part 3: Security Assurance Components,
CCMB-2017-04-003, Version 3.1 Revision 5, April 2017.
[Exact
Conformance
Addendum]
CC and CEM addenda, Exact Conformance, Selection-Based SFRs, Optional
SFRs, May 2017, Version 0.5
Other Documents
[MOD-FW] PP-Module for Stateful Traffic Filter Firewalls, Version 1.4 +Errata 20200625,
25 June 2020
[PP_ND] collaborative Protection Profile for Network Devices, Version 2.2e, 27 March
2020
[SD-FW] Evaluation Activities for Stateful Traffic Filter Firewalls PP-Configuration,
Version 1.4 +Errata 20200625, 25 June 2020
[SD-ND] Evaluation Activities for Network Device cPP, Version 2.2, 20 December 2019
1.2 Revision History
Version Date Description
1.4e 25.06.2020 Errata version
1.4 06.04.2020 Release version
1.3 27.09.2019 Release version
1.2 19.07.2019 Updated version
1.1 05.04.2019 Minor update
1.0 08.02.2019 Initial Draft
1
For details see http://www.commoncriteriaportal.org/
PP-Configuration for Network Device and Stateful Traffic Filter Firewalls
V1.4 +Errata 20200625, 25 June 2020 Page 4 of 7
Contents
Acknowledgements ......................................................................................................................................... 2
0. Preface....................................................................................................................................................... 3
1.1 Related Documents.......................................................................................................................... 3
1.2 Revision History.............................................................................................................................. 3
2. Introduction ............................................................................................................................................... 5
2.1 PP-Configuration Reference ............................................................................................................ 5
2.2 PP-Configuration Components statement......................................................................................... 5
3. Conformance Claims.................................................................................................................................. 6
3.1 CC Conformance - Conformance Statement and Conformance Claims ............................................. 6
3.2 SAR Statement................................................................................................................................ 6
PP-Configuration for Network Device and Stateful Traffic Filter Firewalls
V1.4 +Errata 20200625, 25 June 2020 Page 5 of 7
2. Introduction
The scope of this PP-Configuration is to describe the security functionality of a network device,
which is in compliance with the Base-PP (NDcPP) [PP-ND] that also implements stateful
traffic firewall functionality in accordance with the PP-Module for Stateful Traffic Filter
Firewalls [MOD-FW].
2.1 PP-Configuration Reference
This PP-Configuration is identified as follows:
PP-Configuration Reference: PP-Module for Network Device and Stateful Traffic Filter
Firewalls
PP-Configuration Version: 1.4 +Errata 20200625
PP-Configuration Date: 25 June 2020
PP-Configuration shorthand reference: CFG_NDcPP-FW_v1.4e
2.2 PP-Configuration Components statement
This PP-Configuration consists of the following components:
Base PP: collaborative Protection Profile for Network Devices, Version 2.2e, 27 March
2020 [PP-ND]
PP-Modules: PP-Module for Stateful Traffic Filter Firewalls, Version 1.4 +Errata 20200625,
25 June 2020 [MOD-FW]
PP-Configuration for Network Device and Stateful Traffic Filter Firewalls
V1.4 +Errata 20200625, 25 June 2020 Page 6 of 7
3. Conformance Claims
3.1 CC Conformance - Conformance Statement and Conformance Claims
As defined by the references [CC1], [CC2] and [CC3], this PP-Configuration:
• conforms to the requirements of Common Criteria v3.1, Release 5
• is Part 2 extended, Part 3 conformant
• does not claim conformance to any PP, PP-Module or PP-configuration.
In order to be conformant to this PP-Configuration, an ST must demonstrate Exact
Conformance as inherited from the specified Base-PP and as defined in [Exact Conformance
Addendum]. This means that all of the SFRs in [PP-ND] section 6 and section 6 of the PP-
Module [MOD-FW] must be included in an ST that claims conformance to this PP-
Configuration. In addition, SFRs from [PP-ND], Appendix A or Appendix A of the PP-Module
may be included (these are optional SFRs), and SFRs from Appendix B of the Base-PP must
be included according to the selections made, as described in [PP-ND], Appendix B.
No PP-Modules are allowed to specify this PP-Configuration as a Base-PP.
3.2 SAR Statement
The Security Assurance Requirements applicable to this PP-Configuration are inherited from
the Base-PP, i.e. [PP-ND], section 7.
Assurance Class Assurance Components
Security Target (ASE) Conformance claims (ASE_CCL.1)
Extended components definition (ASE_ECD.1)
ST introduction (ASE_INT.1)
Security objectives for the operational environment (ASE_OBJ.1)
Stated security requirements (ASE_REQ.1)
Security Problem Definition (ASE_SPD.1)
TOE summary specification (ASE_TSS.1)
Development (ADV) Basic functional specification (ADV_FSP.1)
Guidance documents (AGD) Operational user guidance (AGD_OPE.1)
Preparative procedures (AGD_PRE.1)
Life cycle support (ALC) Labelling of the TOE (ALC_CMC.1)
TOE CM coverage (ALC_CMS.1)
Tests (ATE) Independent testing – conformance (ATE_IND.1)
Vulnerability assessment (AVA) Vulnerability survey (AVA_VAN.1)
PP-Configuration for Network Device and Stateful Traffic Filter Firewalls
V1.4 +Errata 20200625, 25 June 2020 Page 7 of 7
The Supporting Documents provided for the Base-PP [SD-ND] and PP-Module [SD-FW]
provide specific information with respect to the evaluation of the SARs listed in the table
above.