Security certifications compliance modes

A security certifications compliance mode refers to a set of security standards established by the U.S. Department of Defense and global certification organizations. Organizations must use only equipment and software that comply with these standards.

Security certification standards

Secure Firewall supports compliance with these security certification standards:

  • Common Criteria (CC): A global standard established by the international Common Criteria Recognition Arrangement, defining properties for security products.

  • Unified Capabilities Approved Products List (UCAPL): A list of products meeting security requirements established by the U.S. Defense Information Systems Agency (DISA).

    Note
    The U.S. Government has changed the name of the Unified Capabilities Approved Products List (UCAPL) to the Department of Defense Information Network Approved Products List (DODIN APL). References to UCAPL in this documentation and the Cloud-Delivered Firewall Management Center web interface can be interpreted as references to DODIN APL.

  • Federal Information Processing Standards (FIPS) 140: A requirements specification for encryption modules used in secure systems.

Organizations can enable security certifications compliance in CC mode or UCAPL mode. Enabling these modes does not guarantee compliance with every requirement of the selected security mode. For more information on hardening procedures, refer to the product guidelines provided by the certifying entity.

Caution
After you enable a security certifications compliance mode, you cannot disable it. To remove an appliance from CC or UCAPL mode, you must reimage the appliance.