USGv6 for IPv6, Common Criteria EAL 4+, and certifications that matter for cybersecurity

Over the past six weeks, we’ve completed two major certifications that are significant for enterprises, governments and service providers that must strengthen their network security in light of heightened cybersecurity concerns and that are considering a transition to a next-generation firewall. Upgrading security infrastructure is also a great opportunity for companies to adopt products that are future proof and are certified for the latest internet technologies such as IPv6.

USGv6 is a testing program designated by the National Institute of Standards and Technology (NIST) that provides proof of compliance to IPv6 specifications outlined in current industry standards for common network products. Testing was completed for all our firewall appliances that run PAN-OS 5.0. The test covers IPv6 conformance testing as a firewall, IDS, and IPS device. In layman’s terms, USGv6 testing ensures that our network security platform can be safely deployed in environments where IPv6 is in use. Because IPv6 increases the number of Internet addresses, more computers and devices can be connected online, supporting the continued growth of the Internet. The use of IPv6 has doubled every year for the past three years, but it’s still in its early days. However, support for IPv6 is now required by many governments, service providers, and enterprises developing M2M services as a way to future proof their network infrastructure.

In May, we proudly announced that the following platforms completed the stringent Common Criteria EAL4+ Certification process: PA-500, PA-2000 Series, PA-4000 Series, and PA-5000 Series Next-Generation Firewalls with PAN-OS 4.0. EAL4+ is the highest level of certification that any commercial firewall can receive. The Common Criteria certifications are used by governments and enterprises around the world that are responsible for critical infrastructure, such as energy grids, financial trading networks, and communication networks, to evaluate the security readiness of technology products. You can download the official certificate delivered by the NSA and NIAP (National Security Agency and National Information Assurance Partnership, respectively). Other major certifications and testing completed by Palo Alto Networks include:

• FIPS 140-2 issued by NIST: this certification is focused on cryptographic functionality. FIPS 140-2 is typically required to complete CC EAL4+
• Firewall certification by ICSA Labs, a subsidiary of Verizon
• NST certification delivered by NEBS and often required by telecommunications companies
• UC APL (Unified Capabilities Approved Products List): this completed evaluation allows Palo Alto Networks product to be added to the US Department of Defense list of approved products and can used on the US DoD networks

If you have any questions regarding the above and how they might intersect with your adoption of our network security platform, you can contact us at certifications@paloaltonetworks.com.