Configure UCAPL/CC compliance
Configure Unified Capabilities Approved Products List (UCAPL) or Common Criteria (CC) compliance to ensure your Secure Firewall Threat Defense device meets security certifications and export-controlled feature requirements.
Use this task when you need to enable security certifications compliance for your device. This is required for export-controlled features and may be necessary for regulatory or organizational compliance.
For more information about this setting and how to enable it for the Cloud-Delivered Firewall Management Center, see Security Certifications Compliance.
Caution | After you enable this setting, disabling it is not possible. To return the appliance to standard mode, reimage the appliance. |
Before you begin
-
Secure Firewall Threat Defense devices cannot use an evaluation license; your Smart Software Manager account must be enabled for export-controlled features.
-
Secure Firewall Threat Defense devices must be deployed in routed mode.
-
You must have administrative privileges to perform this task.
-
Security certifications compliance mode cannot be changed if the Firewall Threat Defense device is in high availability. Change the security certifications compliance mode before you create the high availability pair.
Procedure
Step 1 | Choose and create or edit the Firewall Threat Defense policy. |
Step 2 | Click UCAPL/CC Compliance. |
Step 3 | To permanently enable security certifications compliance on the appliance, you have two choices:
|
Step 4 | Click Save. You can now go to and deploy the policy to assigned devices. The changes are not active until you deploy them. |
After completing these steps, your device operates in the selected compliance mode (UCAPL or CC), and the policy is enforced once deployed.