Case type: 6
Registration number: 20FMV3531-13:1
Certification ID: CSEC 2020017
Pursuant to the Protective Security Act (2018:585)
SECRECY pursuant to the Public Access to Information and Secrecy Act (2009:400)
2021-02-05

Försvarets materielverk
Swedish Defence Material Administration

Swedish Certification Body for IT Security
Certification Report - PP-Configuration ND/FW
Issue: 1.0, 2021-Feb-05
Authorisation: Jerry Johansson, Lead Certifier, CSEC

Table of Contents

1 Executive Summary
2 Identification
3 Results of the Evaluation
4 Evaluator Comments and Recommendations
5 Certifier Comments and Recommendations
6 Glossary
7 Bibliography
Appendix A - QMS Consistency

1 Executive Summary

The PP-Configuration for Network Device and Stateful Traffic Filter Firewalls v1.4E combines the requirements of the collaborative Protection Profile for Network Devices v2.2E and the PP-Module for Stateful Traffic Filter Firewalls v1.4E. Thus, the PP-Configuration combines the security requirements for a generic network device with the security requirements for a Stateful Traffic Filter Firewall.

The PP-Configuration is used in the same way as a PP and is recognised as a PP within the CCRA.

The PP-Configuration for Network Device and Stateful Traffic Filter Firewalls v1.4E requires exact conformance.

The PP-Configuration evaluation has been performed by atsec information security AB and was completed on the 28th of October 2020, and was performed concurrently with, and as a separate part of, the product evaluation of the firewall F5 BIG-IP 15.1.2.1 including LTM and AFM, which claims conformance to the PP-Configuration.
The evaluation was conducted in accordance with the requirements of Common Criteria, version 3.1, release 5, and the Common Methodology for IT Security Evaluation, version 3.1, release 5, and CC and CEM Addenda - Exact Conformance, Selection-Based SFRs, Optional SFRs, CCDB, May 2017. The evaluation was performed according to the requirements in assurance class ACE and the assurance components APE_INT.1, APE_SPD.1, APE_OBJ.2, APE_ECD.1, and APE_REQ.2.

atsec information security AB is a licensed evaluation facility for Common Criteria under the Swedish Common Criteria Evaluation and Certification Scheme. atsec information security AB is also accredited by the Swedish accreditation body SWEDAC according to ISO/IEC 17025 for Common Criteria evaluation.

The certifier monitored the activities of the evaluator by reviewing all work units in the evaluation report. The certifier determined that the evaluation results have been reached in agreement with the requirements of the Common Criteria and the Common Methodology.

The certification results only apply to the version of the PP-Configuration indicated in the certificate.

This certificate is not an endorsement of the PP-Configuration by CSEC or any other organisation that recognises or gives effect to this certificate, and no warranty of the PP-Configuration by CSEC or any other organisation that recognises or gives effect to this certificate is either expressed or implied.

2 Identification

Certification Identification

Certification ID: CSEC2020017
Name and version of the certified PP-Configuration: PP-Configuration for Network Device and Stateful Traffic Filter Firewalls v1.4E
PP-Module Identification: PP-Module for Stateful Traffic Filter Firewalls v1.4E
Base PP Identification: Collaborative Protection Profile for Network Devices v2.2E
Sponsor: F5 Networks Inc.
Developer: Network Device iTC
ITSEF: atsec information security AB
Common Criteria version: 3.1 release 5
CEM version: 3.1 release 5
QMS version: 1.24.1
Scheme Notes Release: 17.0
Recognition Scope: CCRA
Certification date: 2021-Feb-05

3 Results of the Evaluation

The evaluators applied each work unit of the Common Methodology [CEM] within the scope of the evaluation, and concluded that the evaluated PP-Configuration meets the requirements in the assurance class ACE and the assurance components APE_INT.1, APE_SPD.1, APE_OBJ.2, APE_ECD.1, and APE_REQ.2.

The certifier reviewed the work of the evaluators and determined that the evaluation was conducted in accordance with the Common Criteria [CC].

The evaluators' overall verdict is PASS.

The verdicts for the assurance classes and components are summarised in the following table:

Assurance Class/Component                       Short name  Verdict
Protection Profile Configuration Evaluation     ACE         PASS
PP-Module Introduction                          ACE_INT.1   PASS
PP-Module Conformance Claims                    ACE_CCL.1   PASS
PP-Module Security Problem Definition           ACE_SPD.1   PASS
PP-Module Security Objectives                   ACE_OBJ.1   PASS
PP-Module Extended Components Definition        ACE_ECD.1   PASS
PP-Module Security Requirements                 ACE_REQ.1   PASS
PP-Module Consistency                           ACE_MCO.1   PASS
PP-Configuration Consistency                    ACE_CCO.1   PASS
Protection Profile Evaluation (selected parts)  APE         PASS
PP Introduction                                 APE_INT.1   PASS
Security Problem Definition                     APE_SPD.1   PASS
Security Objectives                             APE_OBJ.2   PASS
Extended Components Definition                  APE_ECD.1   PASS
Security Requirements                           APE_REQ.2   PASS

4 Evaluator Comments and Recommendations

None.

5 Certifier Comments and Recommendations

During the evaluation of PP-Configuration for Network Device and Stateful Traffic Filter Firewalls, the following interpretations were considered:

TD0538  NIT Technical Decision for Outdated Link to Allowed-List
TD0551  NIT Technical Decision for Incomplete Mappings of OEs in FW Module v1.4+Errata

Please note that when using the PP-Configuration in a product evaluation, these and other interpretations may apply.

6 Glossary

CCRA              Common Criteria Recognition Arrangement
CC                Common Criteria - CC Part 1-3 refers to the Common Criteria Documentation
CEM               Common Methodology for Information Technology Security Evaluation
PP                Protection Profile
cPP               Collaborative Protection Profile
PP-Configuration  Protection Profile composed of Base Protection Profiles and Protection Profile Module
PP-Module         Implementation-independent statement of security needs for a TOE type complementary to one or more Base Protection Profiles
Base PP           Protection Profile used as a basis to build a Protection Profile Configuration
TOE               Target of Evaluation

7 Bibliography

PP-CFG   PP-Configuration for Network Device and Stateful Traffic Filter Firewalls, 2020-06-25, document version 1.4E
PP-MOD   PP-Module for Stateful Traffic Filter Firewalls, 2020-06-25, document version 1.4E
EA MOD   Evaluation Activities for Stateful Traffic Filter Firewalls PP-Module, June 2020, document version 1.4E
NDcPP    Collaborative Protection Profile for Network Devices, 2020-03-23, document version 2.2E
EA PP    Evaluation Activities for Network Device cPP, December 2019, document version 2.2
CCpart1  Common Criteria for Information Technology Security Evaluation, Part 1, version 3.1 revision 5, CCMB-2017-04-001
CCpart2  Common Criteria for Information Technology Security Evaluation, Part 2, version 3.1 revision 5, CCMB-2017-04-002
CCpart3  Common Criteria for Information Technology Security Evaluation, Part 3, version 3.1 revision 5, CCMB-2017-04-003
CC       CCpart1 + CCpart2 + CCpart3
CEM      Common Methodology for Information Technology Security Evaluation, version 3.1 revision 5, CCMB-2017-04-004
CCADD    CC and CEM Addenda - Exact Conformance, Selection-Based SFRs, Optional SFRs, CCDB, May 2017
SP-002   SP-002 Evaluation and Certification, CSEC, 2020-11-30, document version 32.0

Appendix A - QMS Consistency

During the certification project, the following versions of the quality management system (QMS) have been applicable since the certification application was received 2020-06-23:

QMS 1.23.2 valid from 2020-05-11
QMS 1.24 valid from 2020-11-19
QMS 1.24.1 valid from 2020-12-03

In order to ensure consistency in the outcome of the certification, the certifier has examined the changes introduced in each update of the quality management system.

The changes between consecutive versions are outlined in “Ändringslista CSEC QMS 1.24.1”.

The certifier concluded that, from QMS 1.23.2 to the current QMS 1.24.1, there are no changes with impact on the result of the certification.

No applicable Scheme Notes were identified.