Certified Check Point Solutions

Common Criteria Internationally recognized standard and an ISO standard (ISO-IEC 15408) for evaluating the security claims of IT products and systems. Certification provides customers with a higher level of assurance that the security of a product as evaluated meets the standards for security requirements.

Check Point offers EAL4 certified security solutions for firewall, VPN, IDS, IPS, management, secure logging, and endpoint security. Check Point Integrity is the only endpoint security solution from a major security vendor to achieve Common Criteria EAL4 certification.

• VPN-1 Power/UTM R65 HFA-30 is certified at Evaluation Assurance Level (EAL) 4 augmented with ALC_FLR.3 (Flaw Remediation). This includes all Check Point UTM-1, Power-1, IAS, and Nokia IP appliances. R65 is certified as a Firewall, VPN, IDS and remote access gateway including SNX.

VPN-1 conforms to the Intrusion Detection System Protection Profile, March 9, 2005 and meets the functional requirements of the Application-Layer Firewall Medium Robustness V1, June 2000, and the Traffic-Filter Firewall Protection Profile for Medium Robustness Environments, V1.4 June 2000.

• Endpoint Security Full Disk Encryption, Pointsec PC 6.3.1 is certified at EAL4
• Check Point Endpoint Security Media Encryption is certified at EAL4
• Integrity 6.5 Agent Is certified at EAL4 with ALC_FLR.2, AVA_VLA.3
• NFR Sentivist™ (now Check Point IPS-1™) Is certified at EAL2, conformant to the US government IDS/IPS Protection Profile

In Evaluation:

The following products are listed by NIAP-CCEVS as In Evaluation. This listing is achieved after having successfully passed an iVOR (initial Validation Oversight Review)

• Check Point Software Blades R7x
• Check Point VSX NGX R67.x in combination with Check Point Provider-1 R71
• Check Point Security Gateway Appliances with Security Management and Security Gateway R75, IPSO 6.2 and GAIA R75
• Check Point Endpoint Security Version R8x (Total Security)
• Check Point VPN-1 Power/UTM NGX R65 Medium Robustness
• IP Appliances running IPSO 4.2 Build 051c with Check Point VPN-1 Power/UTM NGX R65 Medium Robustness

FIPS
Federal Information Processing Standard (FIPS) 140-2 defines security requirements for cryptographic modules for US government National Security Telecommunications and Information Systems. Security Policy (NSTISSP) #11.

The Network Security product Security Gateway with firewall and VPN Software Blades certificate 1219 is certified to FIPS 140-2.

• Check Point Full Disk Encryption for Windows 770
• Check Point Full Disk Encryption for Mac OS X 770
• Check Point Full Disk Encryption for Symbian9 770
• Check Point Media Encryption 784
• Pointsec Mobile 1100
• Connectra 1474
• Check Point IP Appliance 1551 1552

In Process:

The following products are listed by NIST-CMVP as In Process. This listing is achieved after a complete set of Vendor evidence is accepted by an accredited evaluation lab.

• VSX
• Security Gateway R7x
• Security Management
• Provider-1
• CryptoCore V2 used by Endpoint TS
  

The CESG CCTM scheme verifies the claims security vendors make for their solutions for data confidentiality, integrity and availability in the modern government IT environment. Its test methodology is uniformly applied to all candidate products and services to ensure that certification provides a consistent and objective quality benchmark for network managers and purchasers. It is operated by CESG, the Information Assurance arm of the Government Communications Headquarters (GCHQ). More information is available at

Check Point has certified through the CESG CCTM:

• UTM-1 Edge W
• Endpoint Media Encryption
• Endpoint Full Disk Encryption
• Pointsec for Pocket PC
• Pointsec for PC Enterprise Workplace Edition

IPv6
Certified to include IPv6 mandatory core protocols and interoperability with other IPv6 implementations.

• Check Point Software Blades R7x passed IPv6 certification against the US Government IPv6 profile in the Network Protection Device (NPD)and Router categories for IPSec, IKE, ESP and Firewall.
  
  R7x is now listed on the University of New Hampshire Web http://www.iol.unh.edu/services/testing/ipv6/usgv6tested.php.

ICSA
Independent testing and certifications for Firewall and IPSec, including the security functions of data source authentication, data integrity and confidentiality.

• Security Gateway R71 is certified to ICSA corporate firewall criteria
• Security Gateway R70 is IPsec certified to ICSA IPsec 1.3 criteria
• UTM-1 Edge W is certified to ICSA corporate firewall criteria

VPN Consortium

• VPN-1 NGX and UTM-1 have passed IPSec conformance testing
• Connectra has passed SSL VPN conformance testing

NSS
Leading independent security products testing organization evaluating performance, security effectiveness and usability.

Highlights of the NSS Group IPS Test Report for the Check Point IPS Software Blade:

• 97.3% security effectiveness and 100% anti-evasion coverage Multi-Gigabit rated throughput of 2.4Gbps

BITS Financial services security laboratory

• Check Point Full Disk Encryption is certified to meet the security needs of the financial services industry.

Section 508
Section 508 of the United States Rehabilitation Act of 1973 mandates that Federal agencies acquire products which enable people with disabilities to have access to information and data in a way that is comparable to the access and use experienced by people without disabilities.

• VPN-1 NG FP-1 complies with Section 508, and is compatible with assistive technology.

Euro Symbol

• Eventia Reporter, where accounting functions are utilized, implements the concept of 'units' in place of any specific currency. Since neither the EURO nor any other monetary symbol appears in our software products, Check Point therefore states that it is in EURO symbol compliance.