Maintenance Addendum Check Point Software Technologies Incorporated VPN-1/FireWall-1 Next Generation AI R55 with HFA_14 on Crossbeam Security Services Switches
Maintenance Report
Issued by:
Communications Security Establishment
Certification Body
Canadian Common Criteria Evaluation and Certification Scheme
© 2005 Government of Canada, Communications Security Establishment
| Document number: | 383-7-9-MR |
| Version: | 1.0 |
| Date: | November 4, 2005 |
| Pagination: | 1 to 2 |
1 Introduction
On 22 September 2005, Check Point Software Technologies Incorporated, the developer of the Check Point Software Technologies Incorporated VPN-1/FireWall-1 Next Generation AI R55 with HFA_14 on Crossbeam Security Services Switches product, submitted an Impact Analysis Report to the CCS Certification Body. The Impact Analysis Report is intended to satisfy requirements outlined in version 1.0 of the Common Criteria document CCIMB-2004-02-009: Assurance Continuity: CCRA Requirements. In accordance with those requirements, the Impact Analysis Report (IAR) describes the changes made to Check Point Software Technologies Incorporated VPN-1/FireWall-1 Next Generation AI R55 with HFA_14 on Crossbeam Security Services Switches (the maintained Target of Evaluation), the evidence updated as a result of the changes and the security impact of the changes.
2 Description of changes to the TOE
The changes listed in the IAR include additions to the set of compatible hardware and operating systems.
For each change, it was verified that there were no required changes to the security functional requirements in the ST, and thorough functional and regression testing was conducted by the developer to ensure that the assurance in the Target of Evaluation (TOE) was maintained.
3 Description of Changes to the IT Environment
Changes to the underlying IT Environment are permissible under assurance continuity provided that the original ST did not place any SFRs on the elements being changed or added to. A modified ST was provided which included an expanded list of operating systems and compatible hardware. The TOE was subjected to complete regression testing on all platforms. The additional operating systems and compatible hardware are:
Operating Systems:
- Crossbeam C-Series Operating System (COS) v3.5.0;
- Crossbeam X-Series Operating System (XOS) v6.0.2.
Compatible Hardware:
- Crossbeam systems C-Series Security Services Switches (C10, C30, C30i);
- Crossbeam systems X-Series Security Services Switches (X40, X45, X80).
4 Affected developer evidence
Modifications to the product necessitated changes to a subset of the developer evidence that was previously submitted for the TOE. The set of affected developer evidence was identified in the IAR, and revised versions of all affected developer evidence were submitted.
Modifications to the security target were made to include the expanded list of compatible underlying hardware and operating systems.
5 Conclusions
The scope of changes made was limited to the underlying IT environment. Through functional and regression testing of the Check Point Software Technologies Incorporated VPN-1/FireWall-1 Next Generation AI R55 with HFA_14 on Crossbeam Security Services Switches, assurance gained in the original TOE certification was maintained. As all of the changes to the TOE have been classified as minor, it is the conclusion of the CB that the maintained TOE is appropriate for assurance continuity and re-evaluation is not required.
6 References
Assurance Continuity: CCRA Requirements, CCIMB-2004-02-009, version 1.0, February 2004
Technical Oversight for Assurance Continuity of a Certified TOE, version 1.2, October 2005