CSfC Components List


Skip to Components List Index

Customers select products from this listing to satisfy the reference architectures and configuration information contained in published Capability Packages. Customers must ensure that the components selected will permit the necessary functionality for the selected architecture.

For some technologies, the CSfC program requires specific, selectable requirements to be included in the Common Criteria evaluation validating that the product complies with the applicable NIAP-approved protection profile(s). Some selections, which are not required for the product to be listed on the NIAP Product Compliant List, are mandatory selections for products that are to be listed on the CSfC Components List.

To see the selectable requirements, go to the CSfC Components List and click on the links for IPSec VPN Gateways, IPSec VPN Clients, WLAN Clients, WLAN Access Systems, Certificate Authorities, MDM, SW FDE, Mobile Platforms, SIP Servers and VoIP Applications.

Open source components may be listed, provided they have a responsible sponsor, and an NSA-approved plan for, taking a component through Common Criteria evaluation and sustainment of the component. Customers wishing to use open source components should contact us with their evaluation and sustainment plans and the responsible parties for each.

Contact us here for questions regarding the CSfC Components List.

Which protection profiles are published and which are in development?

View a current listing of NIAP approved U.S. Government Protection Profiles.

View a listing of U.S. Government Protection Profiles currently in development.

Additional information about NIAP and the Common Criteria Evaluation and Validation Scheme. 

What is the process to get a commercial product CSfC-listed?

Vendors who wish to have their products eligible as CSfC components of a composed, layered information assurance solution must build their products in accordance with the applicable US Government approved Protection Profile(s) and submit their product using the Common Criteria Process.
For vendors utilizing either a U.S. Common Criteria Testing Laboratory (CCTL) or a foreign CCTL, the Product will not be added to the Components List until the NIAP/Common Criteria evaluation is in complete and the Product is posted to NIAP's Product Compliant List (PCL). 
 

In deciding whether a particular product is appropriate for CSfC, NSA considers the totality of circumstances known to NSA, including the vendor's past willingness to fix vulnerabilities, supply chain, foreign ownership, control or influence, the proposed uses of the product under consideration and any other relevant information available to NSA. Vendors of products submitted for consideration under the CSfC process will be notified of NSA's decision on a product-by product basis.

The vendor will enter into a Memorandum of Agreement (MoA) with NSA. The MoA specifies that the vendor's product must be NIAP certified and that the vendor agrees to fix vulnerabilities in a timely fashion. The MoA may also reference technology-specific selections for NIAP testing.

Interested vendors must complete and submit the CSfC Questionnaire (PDF) for each product. Please submit completed questionnaires via email.

An Update to the Manufacturer Diversity Requirement

The manufacturer diversity requirement for CSfC layered solutions has been modified to permit, subject to certain conditions, single-manufacturer implementations of both layers. The manufacturer must show sufficient independence in the code base and cryptographic implementations of the products used to implement each layer. To demonstrate this, a manufacturer must document the similarities and differences between the two products, to include cryptographic hardware components, software code base (i.e. operating system), software cryptographic libraries, and development teams. It is a fundamental requirement that the code bases of the two products be significantly different. Additionally, the vendor must document measures taken to ensure that supply chain risk is no greater than would be the case for products from two different vendors. NSA will review the information and determine whether the documentation is sufficient to meet the requirements for independent layers. Manufacturer diversity will continue to be accepted to constitute independent layers.

 

Cisco's Independence Layer Approval for Mobile Access CP

Cisco's Independence Layer Approval for Multi-Site Connectivity CP

Curtiss-Wright's CNS4 Independence Layer Approval for Data at Rest CP 

Curtiss-Wright's DTS1 Independence Layer Approval for Data at Rest CP

Samsung's Independence Layer Approval for Data at Rest CP

 

Vendors who wish to submit a statement may do so via email.

Components List Index

 

 

Authentication Server

Click for Selections

Vendor Model Version CNSSP-11 Compliance

Aruba

ClearPass Policy Manager

v6.9

NIAP Validation Completed (Gossamer)

Cisco

Identity Services Engine (SNS3515, SNS3595, SNS 3615, SNS3655, SNS3695, and ISE Virtual on ESXi6.x running on UCSC-C220-M5SX)

v2.6

NIAP Validation Completed (at Acumen)
Cisco Identity Services Engine (ISE) (SNS3515, SNS3595, SNS3615, SNS3655 and ISE virtual on ESXi 6.x running on UCSC-C220-M5SX) v3.1 NIAP Validation Ongoing (at Acumen)

Certification Authority

Click for Selections

Vendor Model Version CNSSP-11 Compliance
PrimeKey Solutions AB PrimeKey EJBCA Enterprise v7.4.1.1 NIAP Validation Completed (at COMBITECH)

Information Security Corporation

CertAgent

7.0 Patch Level 9

NIAP Validation Completed (at Leidos)
 


Client Virtualization Systems

Click for Selections

Vendor Model Version CNSSP-11 Compliance

 

 

 

 
 

E-mail Clients

Click for Selections

Vendor Model Version CNSSP-11 Compliance
VMware Workspace One Email Client v21.05 NIAP Validation Completed (at Booz Allen Hamilton)
 

End User Device / Mobile Platform

Click for Selections

Vendor Model Version CNSSP-11 Compliance
Samsung Research America

Samsung Galaxy Devices with Android 10-Fall (Galaxy A71 5G, Galaxy A51 5G, Galaxy Tab Active 3 and Galaxy Tab S4)

 Android 10 NIAP Validation Completed (at Gossamer)
Samsung Research America Samsung Galaxy Devices on Android 11-Spring (Galaxy S21 Ultra 5G, Galaxy S21+ 5G, Galaxy S21 5G, Galaxy Z Fold2 5G, Galaxy Note20 Ultra 5G, Galaxy Note20 Ultra LTE, Galaxy Note20 5G, Galaxy Note20 LTE, Galaxy Tab S7+ 5G, Galaxy Tab S7+, Galaxy Tab S7 5G, Galaxy Tab S7, Galaxy Z Flip 5G, Galaxy S20 Ultra 5G, Galaxy S20+ 5G, Galaxy S20+ LTE, Galaxy S20 5G, Galaxy S20 TE, Galaxy S20 LTE, Galaxy S20 FE, Galaxy XCover Pro, Galaxy A51, Galaxy Note10+ 5G, Galaxy Note10+, Galaxy Note10 5G, Galaxy Note10, Galaxy Tab S6 5G, Galaxy Tab S6, Galaxy S10 5G, Galaxy S10+, Galaxy S10, Galaxy S10e, Galaxy Fold 5G, Galaxy Fold and Galaxy Z Flip, Galaxy Z Fold3 5G, Galaxy Z Flip3 5G, Galaxy S21 5G FE) Android 11 NIAP Validation Completed (at Gossamer)
Samsung Research America Samsung Galaxy Devices on Android 11-Fall (Galaxy A71 5G, Galaxy A51 5G, Galaxy Tab Active3, Galaxy A52 5G and Galaxy A42 5G) Android 11 NIAP Validation Completed (at Gossamer)
Samsung Research America Samsung Galaxy Devices on Android 12 - Spring (Galaxy S22 Ultra 5G, Galaxy S22+ 5G, Galaxy S22 5G, Galaxy S21 Ultra 5G, Galaxy S21+ 5G, Galaxy S21 5G, Galaxy Z Fold2 5G, Galaxy Note20 Ultra 5G, Galaxy Note20 Ultra LTE, Galaxy Note20 5G, Galaxy Note20 LTE, Galaxy Tab S8 Ultra, Galaxy Tab S8+, Galaxy Tab S8, Galaxy Tab S7+, Galaxy Tab S7, Galaxy Z Flip 5G, Galaxy S20 Ultra 5G, Galaxy S20+ 5G, Galaxy S20+ LTE, Galaxy S20 5G, Galaxy S20 TE, Galaxy S20 LTE, Galaxy S20 FE, Galaxy XCover Pro, Galaxy A51, Galaxy Note10+ 5G, Galaxy Note10+, Galaxy Note10 5G, Galaxy Note10, Galaxy Tab S6 5G, Galaxy Tab S6, Galaxy S10 5G, Galaxy S10+, Galaxy S10, Galaxy S10e, Galaxy Fold 5G, Galaxy Fold and Galaxy Z Flip) Android 12 NIAP Validation Ongoing (at Gossamer)
Apple Apple iOS 13 on iPhone and Apple iPadOS 13 on iPad (Mobile Devices using the A8/A8X processor (iPad mini 4), A9/A9X processor (iPhone 6s, iPhone 6s Plus, iPhone SE, iPad 9.7-inch (5th gen), iPad Pro 9.7-inch, iPad Pro 12.9-inch), A10 Fusion/A10X Fusion processor (iPhone 7, iPhone 7 Plus, iPad 9.7-inch (6th gen), iPad 10.2-inch (7th gen), iPad Pro 12.9-inch (2nd gen), iPad Pro 10.5-inch), A11 Bionic processor (iPhone 8, iPhone 8 Plus, iPhone X), A12 Bionic/A12X Bionic/A12Z Bionic processor (iPhone Xs, iPhone Xs Max, iPhone XR, iPad mini (5th gen), 10.5-inch iPad Air (3rd gen), 11-inch iPad Pro, 12.9-inch iPad Pro (3rd gen), 11-inch iPad Pro (2nd gen), 12.9-inch iPad Pro (4th gen), and A13 Bionic processor (iPhone 11, iPhone 11 Pro, iPhone 11 Pro Max, iPhone SE (2nd gen)) iOS 13 NIAP Validation Completed (at ATSEC)
Apple Apple iOS 14 (iPhones using the A9 processor (iPhone 6s, iPhone 6s Plus, iPhone SE), A10 Fusion processor (iPhone 7, iPhone 7 Plus), A11 Bionic processor (iPhone 8, iPhone 8 Plus, iPhone X), A12 Bionic processor (iPhone Xs, iPhone Xs Max, iPhone XR) and A13 Bionic processor (iPhone 11, iPhone 11 Pro, iPhone 11 Pro Max, iPhone SE (2nd gen), and A14 Bionic (iPhone 12 mini, iPhone 12, iPhone 12 Pro, iPhone 12 Pro Max) iOS 14 NIAP Validation Completed (at ATSEC)
Apple Apple iPadOS 14 (iPads using the A9/A9X processor (iPad 9.7-inch (5th gen), iPad Pro 9.7-inch, iPad Pro 12.9-inch), A10 Fusion/A10X Fusion processor (iPad 9.7-inch (6th gen), iPad 10.2-inch (7th gen), iPad Pro 12.9-inch (2nd gen), iPad Pro 10.5-inch), A12 Bionic/A12X Bionic/A12Z Bionic processor (iPad mini (5th gen), 10.5-inch iPad Air (3rd gen), 11-inch iPad Pro, 12.9-inch iPad Pro (3rd gen), 11-inch iPad Pro (2nd gen), 12.9-inch iPad Pro (4th gen), and A14 Bionic processor (iPad Air (4th Gen)) iOS 14 NIAP Validation Completed (at ATSEC)

 

File Encryption

Click for Selections

Vendor Model Version CNSSP-11 Compliance
Samsung Research America Knox File Encryption Version 1.3 NIAP Validation Ongoing (at Gossamer)

Hardware Full Drive Encryption

Click for Selections

​Note: Due to the nature of the split evaluations for this product category, some products listed here may not be validated against both applicable Protection Profiles.  Products (marked with *) not validated against both the Collaborative Protection Profile Full Drive Encryption -- Authorization Acquisition (CPP FDE-AA) AND the Collaborative Protection Profile Full Drive Encryption -- Encryption Engine (CPP FDE-EE) will require a Deviation Request for requirement DAR-PS-7.

Vendor Model Version CNSSP-11 Compliance
Apple  Apple FileVault 2 on T2 systems running macOS Catalina 10.15 macOS Catalina 10.15 NIAP Validation Completed (at Acumen)
Curtiss-Wright Defense Solutions Data Transport System 1-Slot (DTS1) Hardware Encryption Layer v5.1 NIAP Validation Completed (at Gossamer)
Galleon Embedded Computing XSR and G1 Hardware Encryption Layer v4.0.11 NIAP Validation Completed (at Gossamer)
KLC Group CipherDrive* v1.2.2 NIAP Validation Completed (at Lightship Security)

Mercury Systems

ASURRE-Stor Solid State Self-Encrypting Drive

Version 3.0

NIAP Validation Completed (at UL Verification Services)
NetApp Storage Encryption ONTAP 9.7P13 NIAP Validation Completed (at Leidos)
Novachips Co. Scaler and Express P-series SSD vNV.R1900 NIAP Validation Completed (at UL Verification Services)

IPS

Click for Selections

Vendor Model Version CNSSP-11 Compliance

Cisco

Firepower NGIPS/NGIPSv with FireSIGHT (FMC) and FMCv (Cisco Firepower NGIPS 6.2 (on Cisco FirePOWER 7000 Series, 8000 Series and Cisco AMP Appliances), and NGIPSv 6.2 (on ESXi 5.5 or 6.0 on Cisco UCS B200-M4, B200-M5, C220-M4S, C220-M5, C240-M5, C240-M4SX, C240-M4L, C460-M4, C480-M5, EN120S-M2/K9, EN120E-208/KP, E140S-M2/k9, E160S-M3, and E180D-M2/K9 installed on ISR), with FMC 6.2 (on Cisco FireSIGHT FS750, FS1000, FS2000, FS2500, FS4000, and FS4500) or FMCv 6.2 (on ESXi 5.5 or 6.0 on Cisco UCS B200-M4, B200-M5, C220-M4S, C220-M5, C240-M5, C240-M4SX, C240-M4L, C460-M4, C480-M5, EN120S-M2/K9, EN120E-208/KP, E140S-M2/k9, E160S-M3, and E180D-M2/K9 installed on ISR)

Version 6.2

NIAP Validation Completed (at Gossamer)
Cisco Firepower NGIPS/NGIPSv with FMC/FMCv (FP8350, FP8360, FP8370, FP8390, AMP8350, AMP8360, AMP8370, AMP8390, FMC1000, FMC2500, FMC4500, FMC1600, FMC2600, FMC4600, FMCv running on ESXi 6.0 or 6.5 and Cisco UCS-B and Cseries and NGIPSv running on ESXi 6.0 or 6.5 and Cisco UCS-B and C series 6.4 NIAP Validation Completed (at Gossamer)
Cisco Cisco FTD 6.4 on ASA 5500 and ISA 3000 and FTDv with FMC and FMCv (ASA 5508, ASA 5516, ISA 3000, FMC1000, FMC2500, FMC4500, FMC1600, FMC2600, FMC4600, FMCv running on ESXi 6.0 or 6.5 and Cisco UCS-B and C series, FTDv running on ESXi 6.0 or 6.5 and Cisco UCS-B and C series and FTDv running on NFVIS v3.10 and ENCS 5406, ENCS 5408, ENCS 5412) FTD 6.4 NIAP Validation Ongoing (at Gossamer)
Cisco Cisco FTD 6.4 on Firepower 1000 and 2100 Series with FMC and FMCv (FPR 1010, FPR 1120, FPR 1140, FPR2110, FPR 2120, FPR2130, FPR 2140, FMC1000, FMC2500, FMC4500, FMC1600, FMC2600, FMC4600, FMCv running on ESXi 6.0 or 6.5 and Cisco UCS-B and C series) FTD 6.4 NIAP Validation Completed (at Gossamer)
Cisco Cisco FTD 6.4 on Firepower 4100 and 9300 Security Appliances (FPR 4110, FPR 4120, FPR 4140, FPR 4150, FPR 4115, FPR 4125, FPR 4145, FPR 9300 SM-24, FPR 9300 SM-36, FPR 9300 SM-44, FPR 9300 SM-40, FPR 9300 SM-48, FPR 9300 SM-56, FMC1000-K9, FMC2500-K9, FMC4500-K9, FMC1600-K9, FMC2600-K9, FMC4600-K9 and FMCv running on ESXi 5.5, 6.0 or 6.5 and Cisco UCS-B and C series) FX-OS 2.6 with FTD 6.4 NIAP Validation Ongoing (at Gossamer)
Cisco Cisco FTD 7.0 on Firepower 1000 and 2100 Series with FMC/FMCv (FPR 1010, FPR 1120, FPR 1140, FPR 1150, FPR 2110, FPR 2120, FPR 2130, FPR 2140, FMC1000 FMC2500, FMC4500, FMC1600, FMC2600, FMC4600 and FMCv running on ESXi 6.7 or 7.0 and Cisco UCS-C and E Series)
 		 FTD 7.0 NIAP Validation Ongoing (at Gossamer)

Juniper

SRX Product Series: SRX300, SRX320, SRX340, SRX345, SRX550M, SRX5400, SRX5600 and SRX5800

JUNOS 17.4R1

NIAP Validation Completed (at BAE Systems)

Juniper

SRX Product Series: SRX1500, SRX4100 and SRX4200

JUNOS 17.4R1

NIAP Validation Completed (at BAE Systems)

Juniper

SRX 4600 Product Series

Junos OS 18.1R1

Common Criteria Validation Completed (at BAE Systems)
Juniper SRX Product Series (SRX300, SRX320, SRX340, SRX345, SRX345-DUAL-AC, SRX550M) Junos OS 19.2R1 NIAP Validation Completed (at Teron Labs)
Juniper SRX Product Series (SRX1500, SRX4100, SRX4200, SRX4600) Junos OS 19.2R1 NIAP Validation Completed (at Teron Labs)
Juniper Junos OS 19.2R1-S2 for SRX5400, SRX5600 and SRX5800 Series Junos OS 19.2R1-S2 NIAP Validation Completed (at Teron Labs)
Juniper Junos OS 20.2R1 for SRX345, SRX345-DUAL-AC, SRX380 and SRX1500 Junos OS 20.2R1 NIAP Validation Completed (at Teron Labs)
McAfee McAfee Network Security Platform (NSM Linux Appliance v10.1.19.17 and NS Sensor Appliances v10.1.17.15) (NS3100, NS3200, NS5100, NS5200, NS3500, NS7100, NS7200, NS7300, NS7150, NS7250, NS7350, NS7500, NS9100, NS9200, NS9300S, NS9300P, NS9500 and Network Security Manager Linux Appliance) v10.1x NIAP Validation Completed (at Acumen)
SonicWall SonicOS Enhanced v6.5.4 with VPN and IPS on TZ, SOHO, NSa and SM Appliances Security (TZ 300P, TZ 350, TZ 350W, TZ 600P, SOHO 250, SOHO 250W, TZ300, TZ300W, TZ400, TZ400W, TZ500, TZ500W, TZ600, NSa2650, NSA3600, NSa3650, NSA4600, NSa4650, NSA5600, NSa5650, NSA6600, NSa6650, NSa9250, NSa9450, NSa9650, SM9200, SM9400, SM9600 and SM9800) Version 6.5.4 NIAP Validation Completed (at Acumen)

IPsec VPN Client

Click for Selections

Vendor Model Version CNSSP-11 Compliance
Apple Apple iOS 13 on iPhone and Apple iPadOS 13 on iPad, (Mobile Devices using the A8/A8X processor (iPad mini 4), A9/A9X processor (iPhone 6s, iPhone 6s Plus, iPhone SE, iPad 9.7-inch (5th gen), iPad Pro 9.7-inch, iPad Pro 12.9-inch), A10 Fusion/A10X Fusion processor (iPhone 7, iPhone 7 Plus, iPad 9.7-inch (6th gen), iPad 10.2-inch (7th gen), iPad Pro 12.9-inch (2nd gen), iPad Pro 10.5-inch), A11 Bionic processor (iPhone 8, iPhone 8 Plus, iPhone X), A12 Bionic/A12X Bionic/A12Z Bionic processor (iPhone Xs, iPhone Xs Max, iPhone XR, iPad mini (5th gen), 10.5-inch iPad Air (3rd gen), 11-inch iPad Pro, 12.9-inch iPad Pro (3rd gen), 11-inch iPad Pro (2nd gen), 12.9-inch iPad Pro (4th gen), and A13 Bionic processor (iPhone 11, iPhone 11 Pro, iPhone 11 Pro Max, iPhone SE (2nd gen)) iOS 13 NIAP Validation Completed (at ATSEC)
Aruba Virtual Intranet Access (VIA) v4.3 NIAP Validation Completed (at Leidos)
Apple
 		 Apple iOS 14 (iPhones using the A9 processor (iPhone 6s, iPhone 6s Plus, iPhone SE), A10 Fusion processor (iPhone 7, iPhone 7 Plus), A11 Bionic processor (iPhone 8, iPhone 8 Plus, iPhone X), A12 Bionic processor (iPhone Xs, iPhone Xs Max, iPhone XR) and A13 Bionic processor (iPhone 11, iPhone 11 Pro, iPhone 11 Pro Max, iPhone SE (2nd gen), and A14 Bionic (iPhone 12 mini, iPhone 12, iPhone 12 Pro, iPhone 12 Pro Max) iOS 14 NIAP Validation Completed (at ATSEC)
Apple Apple iPadOS 14 (iPads using the A9/A9X processor (iPad 9.7-inch (5th gen), iPad Pro 9.7-inch, iPad Pro 12.9-inch), A10 Fusion/A10X Fusion processor (iPad 9.7-inch (6th gen), iPad 10.2-inch (7th gen), iPad Pro 12.9-inch (2nd gen), iPad Pro 10.5-inch), A12 Bionic/A12X Bionic/A12Z Bionic processor (iPad mini (5th gen), 10.5-inch iPad Air (3rd gen), 11-inch iPad Pro, 12.9-inch iPad Pro (3rd gen), 11-inch iPad Pro (2nd gen), 12.9-inch iPad Pro (4th gen), and A14 Bionic processor (iPad Air (4th Gen)) iOS 14 NIAP Validation Completed (at ATSEC)
Cisco AnyConnect Secure Mobility Client for iOS 13 Version 4.9 NIAP Validation Completed (at Gossamer).
Cisco AnyConnect Secure Mobility Client for Android 11 v4.10 NIAP Validation Completed (at Gossamer)
Cisco AnyConnect Secure Mobility Client for Windows 10 v4.10 NIAP Validation Completed (at Gossamer)
Cisco AnyConnect Secure Mobility Client for Red Hat Enterprise Linux 8.1 v4.10 NIAP Validation Completed (at Gossamer)
Samsung Research America Samsung Galaxy Devices with Android 10-Fall (Galaxy A71 5G, Galaxy A51 5G, Galaxy Tab Active 3 and Galaxy Tab S4) Android 10 NIAP Validation Completed (at Gossamer)
Samsung Research America Samsung Galaxy Devices on Android 11-Spring (Galaxy S21 Ultra 5G, Galaxy S21+ 5G, Galaxy S21 5G, Galaxy Z Fold2 5G, Galaxy Note20 Ultra 5G, Galaxy Note20 Ultra LTE, Galaxy Note20 5G, Galaxy Note20 LTE, Galaxy Tab S7+ 5G, Galaxy Tab S7+, Galaxy Tab S7 5G, Galaxy Tab S7, Galaxy Z Flip 5G, Galaxy S20 Ultra 5G, Galaxy S20+ 5G, Galaxy S20+ LTE, Galaxy S20 5G, Galaxy S20 TE, Galaxy S20 LTE, Galaxy S20 FE, Galaxy XCover Pro, Galaxy A51, Galaxy Note10+ 5G, Galaxy Note10+, Galaxy Note10 5G, Galaxy Note10, Galaxy Tab S6 5G, Galaxy Tab S6, Galaxy S10 5G, Galaxy S10+, Galaxy S10, Galaxy S10e, Galaxy Fold 5G, Galaxy Fold and Galaxy Z Flip) Android 11 NIAP Validation Completed (at Gossamer)
Samsung Research America Samsung Galaxy Devices on Android 11-Fall (Galaxy A71 5G, Galaxy A51 5G, Galaxy Tab Active3, Galaxy A52 5G and Galaxy A42 5G) Android 11 NIAP Validation Completed (at Gossamer)
Samsung Research America Samsung Galaxy Devices on Android 12 - Spring (Galaxy S22 Ultra 5G, Galaxy S22+ 5G, Galaxy S22 5G, Galaxy S21 Ultra 5G, Galaxy S21+ 5G, Galaxy S21 5G, Galaxy Z Fold2 5G, Galaxy Note20 Ultra 5G, Galaxy Note20 Ultra LTE, Galaxy Note20 5G, Galaxy Note20 LTE, Galaxy Tab S8 Ultra, Galaxy Tab S8+, Galaxy Tab S8, Galaxy Tab S7+, Galaxy Tab S7, Galaxy Z Flip 5G, Galaxy S20 Ultra 5G, Galaxy S20+ 5G, Galaxy S20+ LTE, Galaxy S20 5G, Galaxy S20 TE, Galaxy S20 LTE, Galaxy S20 FE, Galaxy XCover Pro, Galaxy A51, Galaxy Note10+ 5G, Galaxy Note10+, Galaxy Note10 5G, Galaxy Note10, Galaxy Tab S6 5G, Galaxy Tab S6, Galaxy S10 5G, Galaxy S10+, Galaxy S10, Galaxy S10e, Galaxy Fold 5G, Galaxy Fold and Galaxy Z Flip) Android 12 NIAP Validation Ongoing (at Gossamer)

IPsec VPN Gateway

Click for Selections

Vendor Model Version CNSSP-11 Compliance
Aruba Aruba Mobility Controller Series (7005, 7008, 7010, 7024, 7030, 7205, 7210, 7220, 7240, 7240XM, 7280, 9004, Virtual Mobility Controller running on HPE EdgeLine EL8000, PacStar 451, PacStar 453, KLAS Telecom TDC Blade, Klas Telecom VoyagerVMm, IAS VPN Gateway Module NANO-VM, IAS VPN Gateway Module Classic Plus, DTECH M3-SE-SVR4, DTECHM3x and GTS NXGEN-L 11/12)
 		 Aruba OS 8.6 NIAP Validation Completed (at Gossamer)
Cisco Integrated Services Router 4000 Series (ISR4K) (ISR 4221, ISR 4321, ISR 4331, ISR 4351, ISR 4431, ISR 4451, ISR 4461, NIM-1GE-CU-SFP and NIM-2GE-CU-SFP) IOS-XE 17.3 NIAP Validation Ongoing (at Acumen)
Cisco Catalyst 8300 and 8500 Series Edge Routers (C8500-12X, C8500-12X4QC, C83001N1S-6T, C8300-1N1S-4T2X, C8300-2N2S-6T and C8300-2N2S-4T2X IOS-XE 17.3 NIAP Validation Ongoing (at Acumen)
Cisco Aggregation Services Router 1000 Series (ASR1K) (ASR 1001-X, ASR 1001-HX, ASR 1006X(ESP 100, RP2/3), ASR 1009-X(ESP 100/200, RP2/3), ASR 1013(ESP 100/200, RP2/3), ASR 1000-MIP100, EPA-18X1GE, EPA-10X10GE, EPA-1X100GE, EPA-CPAK-2X40GE, 1X100GE QSFP+, 2X40GE QSFP+ and 1X40GE QSFP+, ASR 1002-HX) IOS-XE 17.3 NIAP Validation Ongoing (at Acumen)

Cisco

4351, 4331, 4321 Integrated Services Routers

IOS XE 3.13.2

NIAP Validation Completed (at CGI)
Cisco Integrated Service Router (ISR) 1100 Series (ISR 1101, ISR 1109, ISR 1111, ISR 1112, ISR 1113, ISR 1116, ISR 1117, ISR 1118, ISR 1121, ISR 1126, ISR 1127, ISR 1128 and ISR 1161) IOS-XE 17.3 NIAP Validation Ongoing (at Acumen)
Cisco Adaptive Security Appliances (ASA) running on Firepower 2100 Series Appliances (FPR 2110, FPR 2120, FPR 2130, FPR 2140) ASA v9.12 and FX-OS 2.6 NIAP Validation Completed (at Gossamer)
Cisco Adaptive Security Appliances (ASA) running on Firepower 4100 and 9300 Security Appliances (FPR 4110, FPR 4115, FPR 4120, FPR 4125, FPR 4140, FPR 4145, FPR 4150, FPR 9300 SM-24, FPR 9300 SM-36, FPR 9300 SM-44, FPR 9300 SM-40, FPR 9300 SM-48, FPR 9300 SM-56) ASA v9.12 and FX-OS 2.6 NIAP Validation Completed (at Gossamer)
Cisco Cisco ASA 5500 and ASAv (ASA 5506-X, ASA 5506H-X, ASA 5506W-X, ASA 5508-X, ASA 5516-X, ASA 5525-X, ASA 5545-X, ASA 5555-X, ASAv5, ASAv10, ASAv30 and ASAv50 running on ESXi 6.0 or 6.5 and Cisco UCS-B and C series) ASA 9.12 NIAP Validation Ongoing (at Gossamer)
Cisco Cisco Cloud Services Router 1000V IOS-XE 17.3 NIAP Validation Completed (at Acumen).
Cisco Cisco Embedded Services Router (ESR) 6300 Series (ESR-6300-CON-K9 and ESR-6300-NCP-K9) IOS-XE 17.3 NIAP Validation Ongoing (at Gossamer)
Cisco Cisco FTD 6.4 on Firepower 4100 and 9300 Security Appliances (FPR 4110, FPR 4120, FPR 4140, FPR 4150, FPR 4115, FPR 4125, FPR 4145, FPR 9300 SM-24, FPR 9300 SM-36, FPR 9300 SM-44, FPR 9300 SM-40, FPR 9300 SM-48, FPR 9300 SM-56, FMC1000-K9, FMC2500-K9, FMC4500-K9, FMC1600-K9, FMC2600-K9, FMC4600-K9 and FMCv running on ESXi 5.5, 6.0 or 6.5 and Cisco UCS-B and C series) FX-OS 2.6 with FTD 6.4 NIAP Validation Ongoing (at Gossamer)
Cisco Cisco FTD 6.4 on Firepower 1000 and 2100 Series with FMC and FMCv (FPR 1010, FPR 1120, FPR 1140, FPR2110, FPR 2120, FPR2130, FPR 2140, FMC1000, FMC2500, FMC4500, FMC1600, FMC2600, FMC4600, FMCv running on ESXi 6.0 or 6.5 and Cisco UCS-B and C series) FTD 6.4 NIAP Validation Completed (at Gossamer)
Cisco Adaptive Security Appliances (ASA) on Firepower 1000 and 2100 Series (FPR 1010, FPR 1120, FPR 1140; FPR 1150; FPR 2110, FPR 2120, FPR 2130, FPR 2140) ASA v9.16 NIAP Validation Ongoing (at Gossamer)
Cisco Adaptive Security Appliances (ASA) 5500-X, Industrial Security Appliances (ISA) 3000 and Adaptive Security Appliances Virtual (ASAv) (ASA 5508, ASA 5516, ISA 3000; ASAv5, ASAv10, ASAv30, ASAv50, ASAv100 running on ESXi 6.7 or 7.0 and Cisco UCS-C and E series, or running on NFVIS v4.4.2 on ENCS 5406, ENCS 5408, ENCS 5412) ASA v9.16 NIAP Validation Ongoing (at Gossamer)
Cisco Embedded Services Router (ESR) 5921 IOS 15.9M NIAP Validation Ongoing (at Acumen)
Cisco Aggregation Services Router 1000 Series (ASR1K) (ASR 1002-X and ASR 1006) IOS-XE 17.3 NIAP Validation Completed (at Acumen)
Cisco ASA on Firepower 4100 and 9300 Security Appliances (FPR 4110, FPR 4112, FPR 4115, FPR 4120, FPR 4125, FPR 4140, FPR4145, FPR 4150; FPR 9300 SM-24, FPR 9300 SM-36, FPR 9300 SM-40, FPR 9300 SM-44, FPR 9300 SM-48, FPR 9300 SM-56) ASA 9.16 NIAP Validation Ongoing (at Gossamer)
Cisco Cisco FTD 7.0 on Firepower 1000 and 2100 Series with FMC/FMCv (FPR 1010, FPR 1120, FPR 1140, FPR 1150, FPR 2110, FPR 2120, FPR 2130, FPR 2140, FMC1000, FMC2500, FMC4500, FMC1600, FMC2600) FTD 7.0 NIAP Validation Ongoing (at Gossamer)
Check Point Software Technologies Security Gateway and Maestro Hyperscale Appliances (3600, 3800, 6200, 6400, 6600, 6700, 6900, 7000, 16000, 16200, 16600, 26000, 28000, 239**, Smart-1 525, Smart-1 600-S, Smart-1 600-M, Smart-1 6000-L, Smart-1 6000-XL and ESXi 7.0 (HPE D360 G10) R81.00 NIAP Validation Completed (at Gossamer)
CommScope Technologies Ruckus FastIron ICX 7450 Series Router 8.0.70 with IPsec VPN (ICX 7450-24, ICX 7450-24P, ICX 7450-48, ICX 7450-48P and ICX 7450-48F) 8.0.70, 8.0.90 and 8.0.95 NIAP Validation Completed (at Gossamer)

Juniper

SRX Product Series: SRX300, SRX320, SRX340, SRX345, SRX550M, SRX5400, SRX5600 and SRX5800

JUNOS 17.4R1

NIAP Validation Completed (at BAE Systems)
Juniper SRX Product Series (SRX300, SRX320, SRX340, SRX345, SRX345-DUAL-AC, SRX550M) Junos OS 19.2R1 NIAP Validation Completed (at Teron Labs)
Juniper SRX Product Series (SRX1500, SRX4100, SRX4200, SRX4600) Junos OS 19.2R1 NIAP Validation Completed (at Teron Labs)
Juniper Junos OS 19.2R1-S2 for SRX5400, SRX5600 and SRX5800 Series Junos OS 19.2R1-S2 NIAP Validation Completed (at Teron Labs)
Juniper Junos OS 20.2R1 for SRX345, SRX345-DUAL-AC, SRX380 and SRX1500 Junos OS 20.2R1 NIAP Validation Completed (at Teron Labs)
PacStar PacStar 451/453/455 Series with Cisco ASAv v9.12 NIAP Validation Completed (at Gossamer)
Palo Alto Networks PA-220, PA-800, PA-3000, PA-3200, PA-5200, PA-7000 and VM Series NGFW (PA-220, PA-220R, PA-820, PA-850, PA-3020, PA-3050, PA-3060, PA-3220, PA-3250, PA-3260, PA-5220, PA-5250, PA-5260, PA-5280, PA-7050, PA-7080 and VM-50, VM-100, VM-200, VM-300, VM-500, VM-700 and VM-1000-HV using VMware ESXi with vSphere 5.5, 6.0, 6.5 or 6.7 and Linux KVM) PAN-OS 9.0, PAN-OS 9.1.8 and PAN-OS 10.0.5 NIAP Validation Completed (at Leidos)
SonicWall

SonicOS Enhanced v6.5.4 with VPN and IPS on TZ, SOHO, NSa and SM Appliances Security (TZ 300P, TZ 350, TZ 350W, TZ 600P, SOHO 250, SOHO 250W, TZ300, TZ300W, TZ400, TZ400W, TZ500, TZ500W, TZ600, NSa2650, NSA3600, NSa3650, NSA4600, NSa4650, NSA5600, NSa5650, NSA6600, NSa6650, NSa9250, NSa9450, NSa9650, SM9200, SM9400, SM9600 and SM9800)

 Version 6.5.4 NIAP Validation Completed (at Acumen)
WatchGuard Technologies FireWare on Firebox Next Generation Firewalls (T20, T20-W, T35, T35-W, T40, T40-W, T55, T55-W, T70, T80, M270, M370, M470, M570, M670, M4600, M5600) OS v12.6.2 NIAP Validation Completed (at Gossamer)

MACSEC Ethernet Encryption Devices

Click for Selection

Vendor Model Version CNSSP-11 Compliance
Cisco Aggregation Services Router 9000 Series (ASR9K) (ASR 9006, ASR 9010, ASR 9901, ASR 9904, ASR 9906, ASR 9910, ASR 9912, ASR 9922, A9K-RSP880, A99-RP3, A9K-RSP5, A99-4X100GE, A99-8X100GE, A99-12X100GE, A9K-16X100GE, A99-32X100GE, A9K-4X100GE, A9K-8X100GE and A9K-MOD400) IOS-XR 7.1 NIAP Validation Ongoing (at Acumen)
Cisco Integrated Services Router 4000 Series (ISR4K) (ISR 4321, ISR 4331, ISR 4351, ISR 4431, ISR 4451, ISR 4461, NIM-1GE-CU-SFP and NIM-2GE-CU-SFP) IOS-XE 17.3 NIAP Validation Ongoing (at Acumen)
Cisco Catalyst 8300 and 8500 Series Edge Routers (C8500-12X, C8500-12X4QC, C8300-1N1S-6T, C8300-1N1S-4T2X, C8300-2N2S-6T and C8300-2N2S-4T2X IOS-XE 17.3 NIAP Validation Ongoing (at Acumen)
Cisco Aggregation Services Router 1000 Series (ASR1K) (ASR 1001-X, ASR 1001-HX, ASR 1006X(ESP 100, RP2/3), ASR 1009-X(ESP 100/200, RP2/3), ASR 1013(ESP 100/200, RP2/3), ASR 1000-MIP100, EPA-18X1GE, EPA-10X10GE, EPA-1X100GE, EPA-CPAK-2X40GE, 1X100GE QSFP+, 2X40GE QSFP+ and 1X40GE QSFP+, ASR 1002-HX, ASR 1002-HX) IOS-XE 17.3 NIAP Validation Ongoing (at Acumen)

Cisco

Catalyst 9200/9300/9400 Series Switches (C9200-24T, C9200-48T, C9200-24P, C9200-48P, C9200-24P8X, C9200-48P8X, C9200L-24P-4G, C9200L-24P-4X, C9200L-24T-4G, C9200L-24T-4X, C9200L-48P-4G, C9200L-48P-4X, C9200L-48T-4G, C9200L-48T-4X, C9200L-24P8X-2Y, C9200L-24P8X-4X, C9200L-48P12X-4X, C9200L-48P8X-2Y, C9300-24S, C9300-48S, C9300L-24T-4G, C9300L-24P-4G, C9300L-48T-4G, C9300L-48P-4G, C9300L-24T-4X, C9300L-24P-4X, C9300L-48T-4X, C9300L-48P-4X, C9300L-24UX-4X, C9300L-48UX-4X, C9300L-24UX-2Q, C9300L-48UX-2Q, Chassis C9404R, C9407R, C9410R; Supervisor C9400-SUP-1, C9400-SUP-1XL, C9400-SUP-1XL-Y)

IOS-XE 16.12

NIAP Validation Ongoing (at Acumen)
Cisco Cisco,   Catalyst 9400 and 9600 Series Switches (C9404R, C9407R, C9410R; Supervisor: C9400-SUP-1, C9400-SUP-1XL, C9400-SUP-1XL-Y; Linecards: C9400-LC-48U, C9400-LC-48T, C9400-LC-48P, C9400-LC-24XS, C9400-LC-48UX, C9400-LC-24S, C9400-LC-48S C9606R; Supervisor: C9600-SUP-1; Linecards: C9600-LC-24C, C9600-LC-48YL, C9600-LC-48TX, C9600-LC-24S) IOS-XE 17.6 NIAP Validation Ongoing (at Acumen)
Cisco Catalyst 9200/9200L Series Switches (C9200-24T, C9200-48T, C9200-24P, C9200-48P, C9200-24PB; C9200-48PB; C9200-24PXG; C9200-48PXG; Network Modules: C9200-NM-4G, C9200-NM-4X, C9200-NM-2Y, C9200-NM-2Q C9200L-24P-4G, C9200L-48P-4G, C9200L-48PL-4G, C9200L-24P-4X, C9200L-48P-4X, C9200L-48PL-4X, C9200L-24T-4G, C9200L-48T-4G, C9200L-24T-4X, C9200L-48T-4X, C9200L-24PXG-2Y, C9200L-48PXG-2Y, C9200L-24PXG-4X, C9200L-48PXG-4X) IOS-XE 17.6 NIAP Validation Ongoing (at Acumen)
Cisco Catalyst 9300 and 9500 Series Switches (C9300-24T, C9300-48T, C9300-24P, C9300-48P, C9300-24U, C9300-48U, C9300-24UX, C9300-48UXM, C9300-48UN, C9300-24S, C9300-48S, C9300D-24UB, C9300D-48UB, C9300D-24UXB, C9300-24H, C9300-48H, C9300L-24T-4G, C9300L-48T-4G, C9300L-24P-4G, C9300L-48P-4G, C9300L-24T-4X, C9300L-48T-4X, C9300L-24P-4X, C9300L-48P-4X, C9300L-48PF-4G, C9300L-48PF-4X, C9300L-24UXG-4X, C9300L-24UXG-2Q, C9300L-48UXG-4X, C9300L-48UXG-2Q, C9300X-12Y, C9300X-24Y, C9300X-48Y, C9300X-12Q; Network Models: C9300-NM-4G, C9300-NM-8X, C9300-NM-2Q, C9300-NM-4M, C9300-NM-2Y, C9300X-NM-8Y, C9300X-NM-4C, C9300X-NM-2C, C9300X-NM-8M, C9500-12Q, C9500-24Q, C9500-40X, C9500-16X, C9500-32C, C9500-32QC, C9500-24Y4C, C9500-48Y4C, Network Models: C9500-NM-8X, C9500-NM-2Q) IOS-XE 17.6 NIAP Validation Ongoing (at Acumen)
Cisco Cisco 8000 Series Routers running on IOS-XR 7.3 (8808-SYS, 8812-SYS, 8818-SYS, 8800-RP, 8800-FC, 8800-LC-48H, 8800-LC-36FH-36x400 and 8800-LC-36FH LC)
 		 IOS-XR 7.3 NIAP Validation Ongoing (at Acumen)

MDM

Click for Selections

Vendor Model Version CNSSP-11 Compliance

Blackberry

Blackberry Enterprise Service

v12.5

NIAP Validation Completed (at EWA-Canada)
Blackberry Unified Endpoint Management (UEM) Server and Android Client v12 NIAP Validation Completed (at Gossamer)
MobileIron, an Ivanti Company MobileIron Platform 11 v11 NIAP Validation Completed (at Gossamer)
Samsung SDS Enterprise Mobility Management (EMM) v2.2.5 NIAP Validation Completed (at Gossamer)

VMware

Workspace One Unified Endpoint Management 1907 and Intelligent Hub 19.08

v1907

NIAP Validation Completed (at BAH)

Session Border Controller

Click for Selections

Vendor Model Version CNSSP-11 Compliance
Cisco CUBE on Cloud Services Router 1000v (CSR1000v) (UCS C240 M5 and C480 M5) IOS-XE 17.3 NIAP Validation Completed (at Acumen)

Enterprise Session Controller (aka SIP Server)

Click for Selections

Vendor Model Version CNSSP-11 Compliance
Cisco CUCM v12.5 and v14.0  NIAP Validation Completed (at Acumen)
Cisco CUCM and the IM and Presence Service v12.5 and v14.0 NIAP Validation Completed (at Acumen)

Blackberry

SecuGATE

v4.0

NIAP Validation Completed (at Gossamer)
Cellcrypt Cellcrypt Server RHEL 7.6 NIAP Validation Completed (at Acumen)

Software Full Drive Encryption

Click for Selections

Vendor Model Version CNSSP-11 Compliance

Curtiss-Wright Defense Solutions

Data Transport System 1-Slot (DTS1) Software Encryption Layer

v5.1

NIAP Validation Completed (at Gossamer)
Galleon Embedded Computing XSR and G1 Hardware Encryption Layer RHEL 8.4 NIAP Validation Completed (at Gossamer)
NetApp Volume Encryption Appliances ONTAP 9.7P13 NIAP Validation Completed (at Leidos)

TLS Protected Servers

Click for Selections

Vendor Model Version CNSSP-11 Compliance

Bivio Networks Inc.

Bivio 6310-NC (B6310-NC, B6310R-NC, PacStar 451)

Red Hat Enterprise Linux v8.2

NIAP Validation Completed (at UL Verification Services)

Blackberry

SecuSUITE

v4.0

NIAP Validation Completed (at Gossamer)
Cisco CUCM and the IM and Presence Service v12.5 NIAP Validation Completed (at Acumen)
Cisco Stealthwatch Enterprise (ST-SMC2200-K9, ST-SMC2210-K9, L-ST-SMC-VE-K9, ST-FC4200-K9, ST-FC4210-K9, ST-FC5200D with ST-FC5200E, ST-FC5210-D with ST-FC5210-E, L-ST-FC-VE-K9, ST-FS1200-K9, ST-FS1210-K9, ST-FS2200-K9, ST-FS3200-K9, ST-FS3210-K9, ST-FS4200-K9, ST-FS4210-K9, L-ST-FS-VE-K9, ST-UDP2200-K9, ST-UDP2210-K9, L-ST-UDP-VE-K9) v7.1 NIAP Validation Completed (at Gossamer)
F5 Networks BIG-IP for LTM+APM          14.1.0 NIAP Validation Completed (at Atsec)
F5 Networks BIG-IP for LTM+AFM          14.1.0 NIAP Validation Completed (at Atsec)
F5 Networks BIG-IP for LTM+APM 14.1.2 VE NIAP Validation Completed (at Atsec)
F5 Networks BIG-IP for LTM+AFM          14.1.2 VE NIAP Validation Completed (at Atsec)
Guardtime Federal Black Lantern BL300 Series and BL400 with BLKSI 2.2.0-FIPS (BL300-B2, BL300-C2 and BL400-A1) Green Hills Integrity RTOS NAIP Validation Ongoing (at Leidos)
Palo Alto Networks M-100, M-200, M-500, M600 Hardware and Virtual Appliances Panorama 9.0, Panorama 9.1.8 and Panorama 10.0.5 NIAP Validation Completed (at Leidos)
Red Hat Enterprise Linux v7.6 NIAP Validation Completed (at Acumen)
Red Hat Enterprise Linux v8.1 NIAP Validation Completed (at Acumen)
SonicWall Secure Mobile Access (SMA 6210, SMA 7210, SMA 8200v) v12.4 NIAP Validation Completed (at CygnaCom Solutions)

TLS Software Applications

Click for Selections

Note: Components listed here are validated for their ability to establish a TLS connection as specified in the Capability Packages.  Additional functionality not described within the Capability Packages and evaluated by the Protection Profile for Application Software are beyond the scope of CSfC approval.

Vendor Model Version CNSSP-11 Compliance
Hypori, LLC Virtual Mobile Infrastructure Platform Client (Android) v4.2.0 NIAP Validation Completed (at Leidos)
Hypori, LLC Virtual Mobile Infrastructure Platform Client (iOS) v4.2.0 NIAP Validation Completed (at Leidos)
Hypori, LLC Virtual Mobile Infrastructure Platform Client (Windows) v4.2.0 NIAP Validation Completed (at Leidos)
Palo Alto Networks GlobalProtect App v5.1.5 NIAP Validation Completed (at Leidos)
Peraton Labs (formerly Perspecta) SecureIO v2.0.4 NIAP Validation Completed (at Acumen)

Traffic Filtering Firewall

Click for Selections

Vendor Model Version CNSSP-11 Compliance
Aruba Aruba Mobility Controller Series (7005, 7008, 7010, 7024, 7030, 7205, 7210, 7220, 7240, 7240XM, 7280, 9004, Virtual Mobility Controller running on HPE EdgeLine EL8000, PacStar 451, PacStar 453, KLAS Telecom TDC Blade, Klas Telecom VoyagerVMm, IAS VPN Gateway Module NANO-VM, IAS VPN Gateway Module Classic Plus, DTECH M3-SE-SVR4, DTECHM3x and GTS NXGEN-L 11/12) Aruba OS 8.6 NIAP Validation Completed (at Gossamer)
Check Point Software Technologies Security Gateway and Maestro Hyperscale Appliances (3600, 3800, 6200, 6400, 6600, 6700, 6900, 7000, 16000, 16200, 16600, 26000, 28000, 239**, Smart-1 525, Smart-1 600-S, Smart-1 600-M, Smart-1 6000-L, Smart-1 6000-XL and ESXi 7.0 (HPE D360 G10) R81.00 NIAP Validation Completed (at Gossamer)
Cisco Adaptive Security Appliances (ASA) running on Firepower 2100 Series Appliances (FPR 2110, FPR 2120, FPR 2130, FPR 2140) ASA v9.12 and FX-OS 2.6 NIAP Validation Completed (at Gossamer)
Cisco Adaptive Security Appliances (ASA) running on Firepower 4100 and 9300 Security Appliances (FPR 4110, FPR 4115, FPR 4120, FPR 4125, FPR 4140, FPR 4145, FPR 4150, FPR 9300 SM-24, FPR 9300 SM-36, FPR 9300 SM-44, FPR 9300 SM-40, FPR 9300 SM-48, FPR 9300 SM-56) ASA v9.12 and FX-OS 2.6 NIAP Validation Completed (at Gossamer)
Cisco Cisco FTD 6.4 on Firepower 1000 and 2100 Series with FMC and FMCv (FPR 1010, FPR 1120, FPR 1140, FPR2110, FPR 2120, FPR2130, FPR 2140, FMC1000, FMC2500, FMC4500, FMC1600, FMC2600, FMC4600, FMCv running on ESXi 6.0 or 6.5 and Cisco UCS-B and C series) FTD 6.4 NIAP Validation Compled (at Gossamer)
Cisco Cisco FTD 6.4 on Firepower 4100 and 9300 Security Appliances (FPR 4110, FPR 4120, FPR 4140, FPR 4150, FPR 4115, FPR 4125, FPR 4145, FPR 9300 SM-24, FPR 9300 SM-36, FPR 9300 SM-44, FPR 9300 SM-40, FPR 9300 SM-48, FPR 9300 SM-56, FMC1000-K9, FMC2500-K9, FMC4500-K9, FMC1600-K9, FMC2600-K9, FMC4600-K9 and FMCv running on ESXi 5.5, 6.0 or 6.5 and Cisco UCS-B and C series) FX-OS 2.6 with FTD 6.4 NIAP Validation Ongoing (at Gossamer)
Cisco Cisco ASA 5500 and ASAv (ASA 5506-X, ASA 5506H-X, ASA 5506W-X, ASA 5508-X, ASA 5516-X, ASA 5525-X, ASA 5545-X, ASA 5555-X, ASAv5, ASAv10, ASAv30 and ASAv50 running on ESXi 6.0 or 6.5 and Cisco UCS-B and C series) ASA 9.12 NIAP Validation Completed (at Gossamer)
Cisco Adaptive Security Appliances (ASA) on Firepower 1000 and 2100 Series (FPR 1010, FPR 1120, FPR 1140; FPR 1150; FPR 2110, FPR 2120, FPR 2130, FPR 2140) ASA v9.16 NIAP Validation Ongoing (at Gossamer)
Cisco Adaptive Security Appliances (ASA) 5500-X, Industrial Security Appliances (ISA) 3000 and Adaptive Security Appliances Virtual (ASAv) (ASA 5508, ASA 5516, ISA 3000; ASAv5, ASAv10, ASAv30, ASAv50, ASAv100 running on ESXi 6.7 or 7.0 and Cisco UCS-C and E series, or running on NFVIS v4.4.2 on ENCS 5406, ENCS 5408, ENCS 5412) ASA v9.16 NIAP Validation Ongoing (at Gossamer)
Cisco ASA on Firepower 4100 and 9300 Security Appliances (FPR 4110, FPR 4112, FPR 4115, FPR 4120, FPR 4125, FPR 4140, FPR4145, FPR 4150; FPR 9300 SM-24, FPR 9300 SM-36, FPR 9300 SM-40, FPR 9300 SM-44, FPR 9300 SM-48, FPR 9300 SM-56) ASA 9.16 NIAP Validation Ongoing (at Gossamer)
Cisco Cisco FTD 7.0 on Firepower 1000 and 2100 Series with FMC/FMCv (FPR 1010, FPR 1120, FPR 1140, FPR 1150, FPR 2110, FPR 2120, FPR 2130, FPR 2140, FMC1000, FMC2500, FMC4500, FMC1600, FMC2600, FMC4600 and FMCv running on ESXi 6.7 or 7.0 and Cisco USC-C and E series
 		 FTD 7.0 NIAP Validation Ongoing (at Gossamer)

F5 Networks

BIG-IP for LTM+AFM

Version 12.1.3.4

NIAP Validation Completed (at ATSEC)

F5 Networks

BIG-IP for LTM+AFM

Version 13.1.1

NIAP Validation Completed (at ATSEC)
F5 Networks BIG-IP for LTM+AFM v14.1.0 NIAP Validation Completed (at ATSEC)
F5 Networks BIG-IP for LTM+AFM v14.1.2 NIAP Validation Completed (at ATSEC)

Forcepoint Federal

Next Generation Firewall (N120, N120W, N120WL, N60, 2201, 2205, 2210, 3401, 3405, 3410 and ESXi 7.0)

LINUX v6.10

NIAP Validation Completed (at Gossamer)

Juniper

SRX Product Series: SRX300, SRX320, SRX340, SRX345, SRX550M, SRX5400, SRX5600 and SRX5800

JUNOS 17.4R1

NIAP Validation Completed (at BAE Systems)
Juniper SRX Product Series (SRX300, SRX320, SRX340, SRX345, SRX345-DUAL-AC, SRX550M) Junos OS 19.2R1 NIAP Validation Completed (at Teron Labs)
Juniper SRX Product Series (SRX1500, SRX4100, SRX4200, SRX4600) Junos OS 19.2R1 NIAP Validation Completed (at Teron Labs)
Juniper Junos OS 19.2R1-S2 for SRX5400, SRX5600 and SRX5800 Series Junos OS 19.2R1-S2 NIAP Validation Completed (at Teron Labs)
Juniper Junos OS 20.2R1 for SRX345, SRX345-DUAL-AC, SRX380 and SRX1500 Junos OS 20.2R1 NIAP Validation Completed (at Teron Labs)
PacStar PacStar 451/453/455 Series with Cisco ASAv v9.12 NIAP Validation Completed (at Gossamer)
Palo Alto Networks PA-220, PA-800, PA-3000, PA-3200, PA-5200, PA-7000 and VM Series NGFW (PA-220, PA-220R, PA-820, PA-850, PA-3020, PA-3050, PA-3060, PA-3220, PA-3250, PA-3260, PA-5220, PA-5250, PA-5260, PA-5280, PA-7050, PA-7080 and VM-50, VM-100, VM-200, VM-300, VM-500, VM-700 and VM-1000-HV using VMware ESXi with vSphere 5.5, 6.0, 6.5 or 6.7 and Linux KVM) PAN-OS 9.0, PAN-OS 9.1.8 and PAN-OS 10.0.5 NIAP Validation Completed (at Leidos)
SonicWall SonicOS Enhanced v6.5.4 with VPN and IPS on TZ, SOHO, NSa and SM Appliances Security (TZ 300P, TZ 350, TZ 350W, TZ 600P, SOHO 250, SOHO 250W, TZ300, TZ300W, TZ400, TZ400W, TZ500, TZ500W, TZ600, NSa2650, NSA3600, NSa3650, NSA4600, NSa4650, NSA5600, NSa5650, NSA6600, NSa6650, NSa9250, NSa9450, NSa9650, SM9200, SM9400, SM9600 and SM9800) Version 6.5.4 NIAP Validation Completed (at Acumen)
WatchGuard Technologies FireWare on Firebox Next Generation Firewalls (T20, T20-W, T35, T35-W, T40, T40-W, T55, T55-W, T70, T80, M270, M370, M470, M570, M670, M4600, M5600) OS v12.6.2 NIAP Validation Completed (at Gossamer)

VoIP Applications

Click for Selections

Vendor Model Version CNSSP-11 Compliance

Blackberry

SecuSUITE Client and CACI SteelBox

v4.0

NIAP Validation Completed (at Gossamer)

Web Browsers

Click for Selections

Vendor Model Version CNSSP-11 Compliance

WLAN Access System

Click for Selections

Vendor Model Version CNSSP-11 Compliance
Aruba Aruba Mobility Controller Series (7005, 7008, 7010, 7024, 7030, 7205, 7210, 7220, 7240, 7240XM, 7280, 9004, Virtual Mobility Controller running on HPE EdgeLine EL8000, PacStar 451, PacStar 453, KLAS Telecom TDC Blade, Klas Telecom VoyagerVMm, IAS VPN Gateway Module NANO-VM, IAS VPN Gateway Module Classic Plus, DTECH M3-SE-SVR4, DTECHM3x and GTS NXGEN-L 11/12) Aruba OS 8.6 NIAP Validation Ongoing (at Gossamer)
Cisco Wireless LAN (Controllers Catalyst 9800, Catalyst 9800-40, Cloud Catalyst 9800 and Aironet AP's 4800, 3802, 2802, 1562) IOS-XE 16.12 NIAP Validation Completed (at Acumen)
CommScope Ruckus SmartZone WLAN Controllers and Access Points (SZ-144, SZ-300, vSZ-E, vSZ-H, vSZ-D on VMware ESXi 6.5 and Access Points R610, R650, R750, T610, T710 and R850) R5.2.1.3 NIAP Validation Completed (at Gossamer).
Ultra Electronics-3eTI Airguard 3e-525/523 Series Wireless Access Points (3e-525N, 3e-525N MP, 3e-525NV, 3e-523N, 3e-523NF, 3e-523NR) v5.1.0 NIAP Validation Completed (at Gossamer)

WLAN Client

All validated End User Device / Mobile Platform components include validated WLAN Client implementations