Malcolm_Levy
Employee

Common Criteria EAL4+ R82

Check Point R82 for Gateway and Maestro Configurations

I’m pleased to be able to announce that the German BSI has awarded a Common Criteria EAL4+ certification augmented by ALC_FLR.1 and AVA_VAN.4 for R82.

The German BSI is held in very high regard and known for the unique criteria and stringent process it applies when evaluating products.

Relevant documentation for the certificate, Security Target, Administrator Guide and Evaluation report will be published by the BSI, the Common Criteria portal and from sk181211.

Malcolm

 

3 Replies
the_rock
Legend

Congrats!

0 Kudos
Nüüül
Advisor

Great one! Congratulations

 

I am keen to see the Install and Config Guides. 

 

One question about

Important Limitations: To obtain the evaluated configuration, the administrator is required to configure the TOE according to instructions provided in the Installation and Configuration Guide. After completion, non-TOE functionality will be disabled. This configuration does not support standard jumbo hotfixes. Flaw remediation will be provided through Customer Support via opening a support request.

Do you have an idea how long the delay is between normal JHF Release and TOE JHF? Will the hotfixes go through validations at BSI again? If yes, what about major fixes - are they accelerated? (I'm sure some customers will ask such things 🙂 )

 

I tried to work out from the document which features / blades are supported or excluded. Are there any?

 

Thanks

Malcolm_Levy
Employee

The limitations are standard wordings of Common Criteria certifications. The wordings are motivated by certification Schemes that wish to protect their integrity and reputation for a possible fallout should a customer not abide by this advice and then expose themselves to a potential vulnerability.

I'm not aware of customers that follow this advice, and my understanding is that most are pragmatic and use the certification for the assurance it provides and as one consideration in their risk analysis for how to protect their assets which may be best served by also using unevaluated features. 

It is also worth noting that for certification expediency we disable CPMI and therefore SmartConsole. This is not due to a risk, where the administrator is configured to be on a protected network, but due to the heavy load in evidence creation and testing that allowing CPMI or SmartConsole would require.

There will not be equivalent TOE JHFs, due to the work that would be required, and that there is no simple path for their certification. The path of a hot fix and its potential certification could happen if a CVE is discovered. Thankfully these are very rare in Check Point. 

The TOE is very similar to the one we had for R81.10, with the obvious advantage of being on R82 that supports the latest appliances. 

0 Kudos
