Maintenance Addendum Check Point VPN-1/FireWall-1 Version NGX R65 on Crossbeam Systems C-Series & X-Series Security Services Switches

Canadian Common Criteria Scheme (CCCS)

Maintenance Report

Issued by:

Communications Security Establishment
Certification Body
Canadian Common Criteria Evaluation and Certification Scheme

© 2007 Government of Canada, Communications Security Establishment

Document number 383-7-20-MR
Version 1.0
Date 7 September 2007

Introduction

On 4 September 2007, Check Point Software Technologies Ltd.1 and Crossbeam Systems Inc.2 submitted an Impact Analysis Report (IAR) to the CCS Certification Body on the Check Point VPN-1/FireWall-1 NGX Version R65 on Crossbeam Systems C-Series & X-Series Security Services Switches.

The Check Point VPN-1/FireWall-1 Version NGX R65 represents the target of evaluation (TOE), whereas the IT environment comprises the Crossbeam Systems C-Series & X-Series Security Services Switches and the operating systems Crossbeam COS v6.0.0 and XOS v7.3.0. The Check Point VPN-1/FireWall-1 NGX Version R65 is a maintained TOE, having been the subject of assurance maintenance in October 2006.

The IAR is intended to satisfy requirements outlined in version 1.0 of the Common Criteria document CCIMB-2004-02-009: Assurance Continuity: CCRA Requirements. In accordance with those requirements, the IAR describes any changes made to the TOE and/or its IT environment, the evidence updated as a result of the changes, and the security impact of the changes.

Description of Changes to the TOE

No changes have been made to the TOE since the assurance maintenance step in October 2006.

Description of Changes to the IT Environment

Changes to the underlying IT environment are permissible under assurance continuity provided that they do not change the certified TOE. A modified ST was provided which listed the updated IT environment (Crossbeam Systems C-Series & X-Series Security Services Switches). Check Point Software Technologies Ltd. subjected the TOE to complete regression testing on all platforms. Changes to the IT environment operating systems and hardware are:

Operating Systems:

  • Crossbeam COS v6.0.0 and XOS v7.3.0.

Hardware:

  • Crossbeam X-Series blades CPM8600 (Control Processor Module) and APM8600 (Application Processor Module).

Affected developer evidence

Modifications to the product necessitated changes to a subset of the developer evidence that was previously submitted. The subset of affected developer evidence was identified in the IAR, and revised versions of all affected developer evidence were submitted.

Modifications to the security target were made to reflect the new product versions.

Conclusions

All changes were to the underlying operating system and the underlying hardware. Through functional and regression testing, assurance gained in the original TOE certification was maintained. As all of the changes have been classified as minor, it is the conclusion of the CB that the maintained TOE is appropriate for assurance continuity and re-evaluation is not required.

References

  1. Assurance Continuity: CCRA Requirements, CCIMB-2004-02-009, version 1.0, February 2004
  2. Technical Oversight for Assurance Continuity of a certified TOE, version 1.0, 18 June 2004
  3. Certification Report for the EAL4 Evaluation of Check Point VPN-1/FireWall-1 FP1, 12 September 2005.

_______________________

1 Check Point Software Technologies Ltd. is the developer of the Check Point VPN-1/FireWall-1 Version NGX R65.

2 Crossbeam Systems Inc. is the developer of the Crossbeam Systems C-Series & X-Series Security Services Switches.