Maintenance Addendum Check Point VPN-1/FireWall-1 NGX Version R65 on Crossbeam Systems C-Series & X-Series Security Services Switches
Maintenance Report
Check Point Software Technologies Ltd. VPN-1/FireWall-1 Version NGX R65
Issued by:
Communications Security Establishment
Certification Body
Canadian Common Criteria Evaluation and Certification Scheme
© 2007 Government of Canada, Communications Security Establishment
| Document number | 383-7-19-MR |
|---|---|
| Version | 1.0 |
| Date | August 7, 2007 |
Introduction
On 1 August 2007, Electronic Warfare Associates-Canada (EWA-Canada) submitted an Impact Analysis Report to the CCS Certification Body on behalf of Check Point Software Technologies Ltd., the developer of the Check Point Software Technologies Ltd. VPN1/FireWall-1 Version NGX R65 product. The Impact Analysis Report is intended to satisfy requirements outlined in version 1.0 of the Common Criteria document CCIMB-2004-02-009: Assurance Continuity: CCRA Requirements. In accordance with those requirements, the Impact Analysis Report (IAR) describes the changes made to Check Point Software Technologies Ltd. VPN-1/FireWall-1 Version NGX R65 (the maintained Target of Evaluation), the evidence updated as a result of the changes and the security impact of the changes.
Description of changes
The following characterizes the changes implemented in the Check Point Software Technologies Ltd. VPN-1/FireWall-1 Version NGX R65. For each change, it was verified that there were no required changes to the security functional requirements in the ST, and thorough functional and regression testing was conducted by the developer to ensure that the assurance in the Target of Evaluation (TOE) was maintained. The changes in Check Point Software Technologies Ltd. VPN-1/FireWall-1 Version NGX R65 comprise software changes that add functionality to portions of the product not included in the scope of the original evaluation.
Description of Changes to the IT Environment
Changes to the underlying IT environment are permissible under assurance continuity provided that they do not change the certified TOE. A modified ST was provided which listed the updated operating system and hardware. Check Point Software Technologies Ltd. subjected the TOE to complete regression testing on all platforms. Changes to the IT environment's operating system and hardware are:
Operating Systems:
- SUN Solaris 10.
Hardware:
- Check Point UTM-1 (appliance);
- Check Point Firefly;
- Sun Microsystems Inc., Sun Fire V240 Server;
- Hewlett-Packard, HP ProLiant DL 360.
Affected developer evidence
Modifications to the product necessitated changes to a subset of the developer evidence that was previously submitted for the TOE. The set of affected developer evidence was identified in the IAR, and revised versions of all affected developer evidence were submitted.
Modifications to the security target were made to reflect the new product version.
Conclusions
All changes to the TOE were features changes to the product. Through functional and regression testing of the Check Point Software Technologies Ltd. VPN-1/FireWall-1 Version NGX R65, assurance gained in the original TOE certification was maintained. As all of the changes to the TOE have been classified as minor, it is the conclusion of the CB that the maintained TOE is appropriate for assurance continuity and re-evaluation is not required.
References
- Assurance Continuity: CCRA Requirements, CCIMB-2004-02-009, version 1.0, February 2004
- Technical Oversight for Assurance Continuity of a Certified TOE, version 1.2, October 2005
- Certification Report for EAL4 Evaluation of Check Point Software Technologies Incorporated VPN-1/FireWall-1 Next Generation Feature Pack 1