Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 

Understanding the Common Criteria Evaluated Configuration

 

This document describes the steps required to duplicate the configuration of the device running Junos OS when the device is evaluated. This is referred to as the evaluated configuration. The following list describes the standards to which the device has been evaluated:

  • Collaborative Protection Profile for Network Devices, version 2.0, 4 May 2017 (NDcPP)

  • Collaborative Protection Profile for Stateful Traffic Filter Firewalls, Version 1.0, 27 February 2015 (FWcPP)

  • Collaborative Protection Profile for Network Devices or Collaborative Protection Profile for Stateful Traffic Filter Firewalls Extended Package (EP) for Intrusion Prevention Systems (IPS), Version 2.11, 15 June 2017 (IPSEP)

  • Network Device Collaborative Protection Profile (NDcPP)/Stateful Traffic Filter Firewall Collaborative Protection Profile (FWcPP) Extended Package VPN Gateway, Version 2.1, 8 March 2017 (VPNEP)

These documents are available at https://www.niap-ccevs.org/Profile/PP.cfm?archived=1.

Note

The Junos certified version is Junos version 17.4R1-S1. On SRX300, SRX320, SRX340, SRX345, SRX550M, SRX1500, SRX4100, SRX4200, SRX5400, SRX5600, and SRX5800 devices, Junos OS Release 17.4R1-S1 is certified for Common Criteria with FIPS mode enabled on the devices.

The FIPS 140-2 Level 2 is certificated for SRX300, SRX340, SRX345, SRX550M, SRX1500, SRX4100, SRX4200, SRX5400, SRX5600, and SRX5800 devices, and the FIPS 140-2 Level 1 certification for SRX320, for Junos OS Release 17.4R1-S1.

Understanding Common Criteria

Common Criteria for information technology is an international agreement signed by 28 countries that permits the evaluation of security products against a common set of standards. In the Common Criteria Recognition Arrangement (CCRA) at http://www.commoncriteriaportal.org/ccra/, the participants agree to mutually recognize evaluations of products performed in other countries. All evaluations are performed using a common methodology for information technology security evaluation.

For more information on Common Criteria, see http://www.commoncriteriaportal.org/.

Supported Platforms

For the features described in this document, the following platforms are supported:

  • The IPSEP, NDcPP, FWcPP, and VPNEP apply to:

    • SRX300, SRX320, SRX340, SRX345, SRX550M, SRX1500, SRX4100, SRX4200, SRX5400, SRX5600, and SRX5800