Certified Product: FortiAnalyzer™ Centralized Reporting Appliances running Firmware 5.2.4

FortiAnalyzer™ Centralized Reporting Appliances running Firmware 5.2.4 (hereafter referred to as the Target of Evaluation, or TOE) from Fortinet, Inc., was the subject of a Common Criteria evaluation performed by the Common Criteria Evaluation Facility at CGI IT Security Evaluation & Test Facility. The evaluation was completed in July 2016.

The evaluation of the TOE determined that this Information Technology (IT) product is conformant to the Protection Profile for Network Devices Version 1.1, 8 June 2012 with Errata #3.

The TOE is a log collection and reporting device which aggregates log data from Fortinet devices and/or other syslog-compatible devices. Administrators can filter and review records, including traffic, event, virus, attack, Web content, and email. The TOE implements a FIPS 140-2 validated module to secure communications to trusted administrators and to secure audit logs in transit from another IT entity to the TOE.

The scope of this evaluation is defined by the security target, which identifies assumptions made during the evaluation, the intended environment for the TOE, the IT security requirements to be met, and the level of confidence (evaluation assurance level) to which it is asserted that the TOE satisfies its IT security requirements.

Consumers are advised to carefully review the certification report to gain an understanding of the security functionality, the evaluated configuration, and the intended operating environment for the TOE.