Create a Post
Showing results for 
Search instead for 
Did you mean: 

2 new Common Criteria certificates R80.30: Protection Profile and EAL4+ and certification update

I’m pleased to announce that Check Point have been awarded two new Common Criteria certificates for R80.30:

EAL4+ certificate of R80.30 

The Target of Evaluation (TOE) included claims for

  1. Firewall
  2. IPS Blade Pattern Matcher
  4. Enterprise appliances, TE appliances, Smart-1, CloudGuard

Protection Profile compliance of R80.30

The Target of Evaluation (TOE) included claims for

  1. Network Device
  2. Stateful Traffic Filter Firewall
  3. Extended VPN Package
  4. SmartConsole
  5. Enterprise appliances, TE appliances, Smart-1, CloudGuard

The Protection Profile and EAL4+ listings include the Certificates, Security Target and Validation Report. 

In addition R80.30 is now listed by the NSA CSFC component list for protecting classified NSS data, and qualifies for listing by NIAPC (NATO Information Assurance Product Catalogue), and the UK National Cyber Security Center (NCSB) Commercial Product Assurance (CPA) certification.  

A full press release can be seen here: 


3 Replies

According to the EAL4+ Installation and Configuration Guide, the following features are NOT part of the certification and therefore can not be used.

This is a incomplete list:

- VPN, including IKE v2/IPsec interface for realization of Virtual Private Networks

- IPv6
- SecureXL and PPack
- IPsec clients
- Anti-virus functionality
- Dynamic Routing and Constraint-based Routing Label Distribution Protocol (CR-LDP)
- WebUI – web-based system administration
- CLI system administration interfaces
- GUI Clients, e.g. SmartConsole (quote "The Check Point Management REST API provides the only external interface to the TOE")
- Clustering (I am not kidding, just Single Gateways are allowed)
- On-line IPS Update
- MobileAccess
- Data Leakage Prevention - DLP

- ..

That list is a bit too long  😉



0 Kudos

The list is long as Check Point has a full featured product and certification is for core functionality. Within any Common Criteria certification a Target of Evaluation (TOE) is defined that by definition excludes non-evaluated functionality. The TOE is a balance of functionality against cost and time.  As the certification authority needs to stand behind the certificate, we have to make the statement you have seen. Customers understand this and normally use non-TOE functionality. 

You should recognize that through certifying the Firewall and IPS Blade Pattern Matcher we have certified the Next Generation architecture to which other services may be applied. Through certifying at EAL4+ we have certified Check Point, the company, its development methodology, the R80 architecture, internal infrastructure, security and support processes. You can also look to the R80.30 Common Criteria Protection Profile certification that provides additional assurance and including  SmartConsole, VPN and IPv6.  

You will not find competitors that have a higher level of assurance. 

CISCO  and Palo Alto do not have an EAL4+

Fortinet has an EAL4+ certificate awarded in 2016 for: Fortigate Next Generation Firewalls and FortOS 5.2.7 CC Compliant Firmware

Fortinet's Protection Profile firewall  certification for Fortinet FortiGate w/ FortiOS v5.6.7  was awarded by the Canadian certification scheme in May 2019 and has not been recognized by NIAP-CCEVS on their Product Compliant List









0 Kudos

I’m pleased to inform this group that we completed the ICSA Firewall certification of R80.30.

ICSA provides an industry standard certification for firewalls. ICSA Labs is owned by Verizon.

R80.30 is now accredited by:

  1. NIAP-CCEVS, the US Government Common Criteria certification scheme, with claims for 3 Protection Profiles (NDcPP, FW, VPN Gateway)
  2. NSCIB, the Dutch Common Criteria certification scheme at EAL4+ with claims for FW and IPS
  3. The US NSA for protecting classified NSS data
  4. NATO NIAPC Information Assurance Product Catalogue
  5. ICSA labs

Within the certifications was have included Check Point Security Gateway appliances, Cloud Guard, TE and Smart-1 appliances. We have certified the R80 SmartConsole and REST APIs, which provide the leading ease-of-use and ease-of-automation security management.

Further details on the two Common Criteria certificates are available

For general product security certifications please refer to



0 Kudos