This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
HeikoAnkenbrand
Champion Champion
Champion
‎2025-06-09 12:05 PM
Jump to solution

BSI Common Criteria EAL4+ R82 Version + Jumbo Hotfix

Check Point has successfully gained a Common Criteria EAL4+ AVA_VAN.4 certification for R82 Security Management, Security Gateway, and Maestro Orchestrator.

The certification was performed under the authority of the German certification scheme. The Certificate, Certification Report, and Security Target are available below, and are officially published on the BSI web site and the Common Criteria Portal (at the top, click "Certified Products" > in the "Filter by" section, in the leftmost vendor field, select "Check Point Software Technologies Ltd.").

Important Limitations:
To obtain the evaluated configuration, the administrator is required to configure the TOE according to instructions provided in the Installation and Configuration Guide. After completion, non-TOE functionality will be disabled. This configuration does not support standard jumbo hotfixes. Flaw remediation will be provided through Customer Support via opening a support request.


Questions:
- Is it possible to install a jumbo hotfix for the BSI version from SK181211, for example JHF Take 19
   Even if we would lose the certification here - in an emergency case.
- Will Check Point provide jumbo hotfixes in the future without opening a support request every time.

➜ CCSM Elite, CCME, CCTE ➜ www.checkpoint.tips
1 Solution

Accepted Solutions
Malcolm_Levy
Employee
Employee
‎2025-06-12 12:34 AM
Jump to solution

A regular JHF on the evaluated configuration is not supported. 

We certified a side branch on top of the R82 general release where we implemented code for meeting BSI specific requirements.

We do not support JHFs on the certified release as they are not necessarily compatible and may overwrite code written for BSI compliance. 

The certified code is supported, and normal support channels should be used. 

In the very rare circumstance where a CVE that impacts Check Point is found I expect a HF to be provided.

 

 

View solution in original post

1 Reply
Malcolm_Levy
Employee
Employee
‎2025-06-12 12:34 AM
Jump to solution

A regular JHF on the evaluated configuration is not supported. 

We certified a side branch on top of the R82 general release where we implemented code for meeting BSI specific requirements.

We do not support JHFs on the certified release as they are not necessarily compatible and may overwrite code written for BSI compliance. 

The certified code is supported, and normal support channels should be used. 

In the very rare circumstance where a CVE that impacts Check Point is found I expect a HF to be provided.

 

 

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events