Understanding the Common Criteria Evaluated Configuration
This document describes the steps required to duplicate the configuration of the device running Junos OS when the device is evaluated. This is referred to as the evaluated configuration. The following list describes the standards to which the device has been evaluated:
Common Criteria for Information Technology Security Evaluation, Part 1: Introduction and general model, CCMB-2012-09-001, Version 3.1 Revision 4, September 2012.
Common Criteria for Information Technology Security Evaluation, Part 2: Security Functional Components, CCMB-2012-09-002, Version 3.1 Revision 4, September 2012.
Common Criteria for Information Technology Security Evaluation, Part 3: Security Assurance Components, CCMB-2012-09-003, Version 3.1 Revision 4, September 2012.
[FWcPP] collaborative Protection Profile for Stateful Traffic Filter Firewalls, Version 2.0+Errata 20180314, 14 March 2018
[IPS_EP] collaborative Protection Profile for Network Devices/collaborative Protection Profile for Stateful Traffic Filter Firewalls Extended Package (EP) for Intrusion Prevention Systems (IPS)
[VPN_EP] Network Device Collaborative Protection Profile (NDcPP)/Stateful Traffic Filter Firewall Collaborative Protection Profile (FWcPP) Extended Package VPN Gateway.
These documents are available at https://www.niap-ccevs.org/Profile/PP.cfm?archived=1.
The Junos certified version is Junos FIPS, version 19.2R1. On vSRX3.0 instances, Junos OS Release 19.2R1 is certified for Common Criteria with FIPS mode enabled on the device.
Understanding Common Criteria
Common Criteria for information technology is an international agreement signed by several countries that permits the evaluation of security products against a common set of standards. In the Common Criteria Recognition Arrangement (CCRA) at http://www.commoncriteriaportal.org/ccra/, the participants agree to mutually recognize evaluations of products performed in other countries. All evaluations are performed using a common methodology for information technology security evaluation.
For more information on Common Criteria, see http://www.commoncriteriaportal.org/.
For the features described in this document, the following platforms are supported:
The evaluated configuration for Common Criteria certification includes the following components:
HP ProLiant DL380p Gen9 with Intel Xeon E5 with 3 to 8 NICs (at least as many as the number of configured virtual NICs (vNIC) in vSRX3.0)
VMWare ESXi 6.5 Hypervisor
Junos OS Release 19.2R1 for vSRX3.0 software installed as an ESXi Virtual Machine (VM)
PacStar 451 Model D with 12 CPUs x Intel(R) Xeon(R) CPU D-1559 @ 1.50GHz 64 GB PacStar 451 Model A with 2 CPUs x Intel(R) Core(TM) i5-5350U CPU @ 1.80GHz
Juniper NFX250-S1 with Intel Xeon D 1500 Series
Juniper NFX250-S2 with Intel Xeon D 1500 Series
No other VMs may be installed on the ESXi instance. Each vNIC in vSRX3.0 must be mapped to a different physical NIC in the appliance or ESXi.