Understanding the Common Criteria Evaluated Configuration

This document describes the steps required to duplicate the configuration of the device running Junos OS when the device is evaluated. This is referred to as the evaluated configuration. The following list describes the standards to which the device has been evaluated:

• Collaborative Protection Profile for Network Devices, NDcPPv2.2e—https://www.commoncriteriaportal.org/files/ppfiles/CPP_ND_V2.2E.pdf.

  PP modules for NDcPP are as follows:

  • MOD_FW_CPP v1.4e –https://www.niap-ccevs.org/MMO/PP/MOD_CPP_FW_v1.4e.pdf
  • MOD_IPS_V1.0 –https://www.niap-ccevs.org/MMO/PP/MOD_IPS_v1.0.pdf
  • VPNGW_MOD v1.1 – https://www.niap-ccevs.org/MMO/PP/mod_vpngw_v1.1.pdf
• Network Device Collaborative Protection Profile (NDcPPv2.2)/Stateful Traffic Filter Firewall Collaborative Protection Profile (FWcPP) Extended Package VPN Gateway, Version 2.2, 22 March 2020 (VPNEP)
• Collaborative Protection Profile for Stateful Traffic Filter Firewalls, version 2.0, 14 March 2018 (FWcPP)https://www.commoncriteriaportal.org/files/ppfiles/CPP_FW_V2.0E.pdf

• Collaborative Protection Profile for Network Devices or Collaborative Protection Profile for Stateful Traffic Filter Firewalls Extended Package (EP) for Intrusion Prevention Systems (IPS), (IPSEP)

• FIPS—https://csrc.nist.gov/publications/fips/fips140-2/fips1402.pdf

These documents are available at https://www.niap-ccevs.org/Profile/PP.cfm.

Note:

On SRX5400, SRX5600, and SRX5800 devices, Junos OS Release 22.2R1 is certified for Common Criteria with FIPS mode enabled on the devices.