Skip to Components List Index
Customers select products from this listing to satisfy the reference architectures and configuration information contained in published Capability Packages. Customers must ensure that the components selected will permit the necessary functionality for the selected architecture.
For some technologies, the CSfC program requires specific, selectable requirements to be included in the Common Criteria evaluation validating that the product complies with the applicable NIAP-approved protection profile(s). Some selections, which are not required for the product to be listed on the NIAP Product Compliant List, are mandatory selections for products that are to be listed on the CSfC Components List.
To see the selectable requirements, go to the CSfC Components List and click on the links for IPSec VPN Gateways, IPSec VPN Clients, WLAN Clients, WLAN Access Systems, Certificate Authorities, MDM, SW FDE, Mobile Platforms, SIP Servers and VoIP Applications.
Open source components may be listed, provided they have a responsible sponsor, and an NSA-approved plan for, taking a component through Common Criteria evaluation and sustainment of the component. Customers wishing to use open source components should contact us with their evaluation and sustainment plans and the responsible parties for each.
Contact us here for questions regarding the CSfC Components List.
Which protection profiles are published and which are in development?
View a current listing of NIAP approved U.S. Government Protection Profiles.
View a listing of U.S. Government Protection Profiles currently in development.
Additional information about NIAP and the Common Criteria Evaluation and Validation Scheme.
What is the process to get a commercial product CSfC-listed?
Vendors who wish to have their products eligible as CSfC components of a composed, layered information assurance solution must build their products in accordance with the applicable US Government approved Protection Profile(s) and submit their product using the Common Criteria Process.
For vendors utilizing either a U.S. Common Criteria Testing Laboratory (CCTL) or a foreign CCTL, the Product will not be added to the Components List until the NIAP/Common Criteria evaluation is in complete and the Product is posted to NIAP's Product Compliant List (PCL).
Vendors interested in having their products eligible as CSfC Components should notify NSA (csfc_components@nsa.gov) of your intent during the initial stage of the process (i.e. preferably during product development and before contracting to complete an evaluation). Vendors are encouraged to contact NSA with any questions or issues related to CSfC selections for Components and/or the CSfC Components List Process. NSA's objective is to collaborate with vendors to support the addition of suitable products to the CSfC Components List.
In deciding whether a particular product is appropriate for CSfC, NSA considers the totality of circumstances known to NSA, including the vendor's past willingness to fix vulnerabilities, supply chain, foreign ownership, control or influence, the proposed uses of the product under consideration and any other relevant information available to NSA. Vendors of products submitted for consideration under the CSfC process will be notified of NSA's decision on a product-by product basis.
The vendor will enter into a Memorandum of Agreement (MoA) with NSA. The MoA specifies that the vendor's product must be NIAP certified and that the vendor agrees to fix vulnerabilities in a timely fashion. The MoA may also reference technology-specific selections for NIAP testing.
Interested vendors must complete and submit the CSfC Questionnaire (PDF) for each product. Please submit completed questionnaires via email.
An Update to the Manufacturer Diversity Requirement
The manufacturer diversity requirement for CSfC layered solutions has been modified to permit, subject to certain conditions, single-manufacturer implementations of both layers. The manufacturer must show sufficient independence in the code base and cryptographic implementations of the products used to implement each layer. To demonstrate this, a manufacturer must document the similarities and differences between the two products, to include cryptographic hardware components, software code base (i.e. operating system), software cryptographic libraries, and development teams. It is a fundamental requirement that the code bases of the two products be significantly different. Additionally, the vendor must document measures taken to ensure that supply chain risk is no greater than would be the case for products from two different vendors. NSA will review the information and determine whether the documentation is sufficient to meet the requirements for independent layers. Manufacturer diversity will continue to be accepted to constitute independent layers.
Please contact the CSfC PMO at csfc_components@nsa.gov for approved Independence Layer Approval letters.
- Curtiss-Wright DTS1 Implementation Independence Letter
- (1) The Curtiss-Wright DTS1 Hardware Encryption Layer (v5.4)
- (2) The Curtiss-Wright DTS1 Software Encryption Layer (v3.01.00)
- Samsung Electronics Co., Ltd
- (1) Platform Encryption: Samsung Galaxy Devices on Android 12/13
- (2) File Encryption: Samsung Knox File Encryption 1.4/1
- Galleon Embedded Computing
- (1) Galleon Embedded Computing XSR and G1 Hardware Encryption Layer
- (2) Galleon Embedded Computing XSR and G1 Software Encryption Layer
Vendors who wish to submit a statement may do so via email.
Components List Index
Authentication Server
Click for Selections
Certification Authority
Click for Selections
Client Virtualization Systems
Click for Selections
Vendor |
Model |
Version |
CNSSP-11 Compliance |
|
|
|
E-mail Clients
Click for Selections
Vendor |
Model |
Version |
CNSSP-11 Compliance |
|
|
|
|
End User Device / Mobile Platform
Click for Selections
Vendor |
Model |
Version |
CNSSP-11 Compliance |
Certification Date |
Pixel Devices (Pixel 4a, Pixel 4a-5G, Pixel 5, Pixel5a-5G, Pixel 6a, Pixel 6, Pixel 6 Pro, Pixel 7, and Pixel 7 Pro) |
Android 13 |
NIAP Validation Completed (at Gossamer) |
2023.01.24 |
Samsung Galaxy Devices on Android 12- Fall (Galaxy Z Flip4,Galaxy Fold4 5G,Galaxy XCover6Pro, Galaxy A53 5G, Galaxy A52 5G, Galaxy A71 5G, Galaxy Tab Active 3, Galaxy TabActive4 Pro) |
Android 12 |
NIAP Validation Completed (at Gossamer) |
2022.10.28 |
Samsung Galaxy Devices on Android 12 - Spring (Galaxy S22 Ultra 5G, Galaxy S22+ 5G, Galaxy S22 5G, Galaxy S21 Ultra 5G, Galaxy S21+ 5G, Galaxy S21 5G, Galaxy Z Fold2 5G, Galaxy Note20 Ultra 5G, Galaxy Note20 Ultra LTE, Galaxy Note20 5G, Galaxy Note20 LTE, Galaxy Tab S8 Ultra, Galaxy Tab S8+, Galaxy Tab S8, Galaxy Tab S7+, Galaxy Tab S7, Galaxy Z Flip 5G, Galaxy S20 Ultra 5G, Galaxy S20+ 5G, Galaxy S20+ LTE, Galaxy S20 5G, Galaxy S20 LTE, Galaxy S20 FE, Galaxy XCover Pro, Galaxy A51, Galaxy Note10+ 5G, Galaxy Note10+, Galaxy Note10 5G, Galaxy Note10, Galaxy Tab S6 5G, Galaxy Tab S6, Galaxy S10 5G, Galaxy S10+, Galaxy S10, Galaxy S10e, Galaxy Fold 5G, Galaxy Fold and Galaxy Z Flip) |
Android 12 |
NIAP Validation Ongoing (at Gossamer) |
2022.05.25 |
Samsung Galaxy Devices on Android 13- Spring (Galaxy S23 Ultra 5G, Galaxy S22 Ultra 5G, Galaxy S22 5G, Galaxy S21 Ultra 5G, Galaxy S21 Ultra 5G, Galaxy S20+ 5G, Galaxy S20+ 5G, Galaxy Z Flip, Galaxy XCover Pro, Galaxy A53 5G, Galaxy XCover6 Pro) |
Android 13 |
NIAP Validation Completed (at Gossamer) |
2023.04.26 |
File Encryption
Click for Selections
Hardware Full Drive Encryption
Click for Selections
Note: Due to the nature of the split evaluations for this product category, some products listed here may not be validated against both applicable Protection Profiles. Products (marked with *) not validated against both the Collaborative Protection Profile Full Drive Encryption -- Authorization Acquisition (CPP FDE-AA) AND the Collaborative Protection Profile Full Drive Encryption -- Encryption Engine (CPP FDE-EE) will require a Deviation Request for requirement DAR-PS-7.
IPS
Click for Selections
Vendor |
Model |
Version |
CNSSP-11 Compliance |
Certification Date |
Cisco FTD 7.0 on Firepower 1000 and 2100 Series with FMC/FMCv (FPR 1010, FPR 1120, FPR 1140, FPR 1150, FPR 2110, FPR 2120, FPR 2130, FPR 2140, FMC1000 FMC2500, FMC4500, FMC1600, FMC2600, FMC4600 and FMCv running on ESXi 6.7 or 7.0 and Cisco UCS-C and E Series)
|
FTD 7.0 |
NIAP Validation Completed (at Gossamer) |
2023.01.31 |
NGIPSv running Firepower v7.0 and FMC/FMCv 7.0 (FMCIO00, FMC2500, FMC4500, FMC1600, FMC2600, FMC4600 and FMCv running on ESXi 6.7 or 7.0 and Cisco UCS-C and E series)
|
v7.0 |
NIAP Validation Completed (at Gossamer) |
2023.05.18 |
Cisco FTD/FTDv on Firepower 4100 and 9300 Series with FMC/FMCv (FPR 4110, FPR 4112, FPR 4115, FPR 4120, FPR 4125 FPR 4140, FPR 4145, FPR 4150, FPR 9300 SM-24, FPR 9300 SM-36, FPR 9300 SM-40, FPR 9300 SM44, FPR 9300 SM-48 and FPR 9300 SM-56, FMCl 000, FMC2500, FMC4500, FMC1600, FMC2600, FMC4600 and FMCv running on ESXi 6.7 and 7.0 and Cisco UCS-C and E series) |
FTD 7.0 |
NIAP Validation Completed (at Gossamer) |
2023.02.13 |
Cisco FTD 7.0/FTDV on ASA 5500 and ISA 3000 with FMC/FMCv (ASA 5508, ASA 5516, ISA 3000, FMC1000, FMC2500, FMC4500, FMC1600, FMC2600, FMC4600, and FMCv running on ESXi 6.7 or 7.0 and Cisco UCS-C and E series and FTDv running on NFVIS v4.4.2 on ENCS 5406, ENCS 5408 AND ENCS 5412
|
FTD 7.0 |
NIAP Validation Completed (at Gossamer) |
2023.02.13 |
IPsec VPN Client
Click for Selections
Vendor |
Model |
Version |
CNSSP-11 Compliance |
Certification Date |
Aruba |
Virtual Intranet Access (VIA) |
v4.3 and 4.4 |
NIAP Validation Completed (at Leidos) |
2022.08.31
|
AnyConnect Secure Mobility Client for Red Hat Enterprise Linux 8.1 |
v4.10 |
NIAP Validation Completed (at Gossamer) |
2022.07.18 |
AnyConnect for Android 12 |
v5.0 |
NIAP Validation Completed (at Gossamer) |
2022.07.18 |
Samsung Galaxy Devices on Android 12 - Spring (Galaxy S22 Ultra 5G, Galaxy S22+ 5G, Galaxy S22 5G, Galaxy S21 Ultra 5G, Galaxy S21+ 5G, Galaxy S21 5G, Galaxy Z Fold2 5G, Galaxy Note20 Ultra 5G, Galaxy Note20 Ultra LTE, Galaxy Note20 5G, Galaxy Note20 LTE, Galaxy Tab S8 Ultra, Galaxy Tab S8+, Galaxy Tab S8, Galaxy Tab S7+, Galaxy Tab S7, Galaxy Z Flip 5G, Galaxy S20 Ultra 5G, Galaxy S20+ 5G, Galaxy S20+ LTE, Galaxy S20 5G, Galaxy S20 LTE, Galaxy S20 FE, Galaxy XCover Pro, Galaxy A51, Galaxy Note10+ 5G, Galaxy Note10+, Galaxy Note10 5G, Galaxy Note10, Galaxy Tab S6 5G, Galaxy Tab S6, Galaxy S10 5G, Galaxy S10+, Galaxy S10, Galaxy S10e, Galaxy Fold 5G, Galaxy Fold and Galaxy Z Flip) |
Android 12 |
NIAP Validation Completed (at Gossamer) |
2022.05.25 |
Samsung Galaxy Devices on Android 13- Spring (Galaxy S23 Ultra 5G, Galaxy S22 Ultra 5G, Galaxy S22 5G, Galaxy S21 Ultra 5G, Galaxy S21 Ultra 5G, Galaxy S20+ 5G, Galaxy S20+ 5G, Galaxy Z Flip, Galaxy XCover Pro, Galaxy A53 5G, Galaxy XCover6 Pro) |
Android 13 |
NIAP Validation Completed (at Gossamer) |
2023.04.26 |
IPsec VPN Gateway
Click for Selections
Vendor |
Model |
Version |
CNSSP-11 Compliance |
Certification Date |
Apriva MESA VPN |
v3.0 |
NIAP Validation Completed (at Gossamer) |
2023.07.31 |
Aruba Mobility Controller 9004, 9012, 9240, 7005, 7008, 7010, 7024, 7030, 7205, 7210, 7220, 7240, 7240XM, 7280, MC-VA-50, MC-VA-250 and MC-VA-1k using ESXi v7 running on HPE EdgeLine EL8000, Pacstar 451/3 and GTS NXGEN-L 11/12 |
ArubaOS 8.10 |
NIAP Validation Completed (at Gossamer) |
2023.05.19 |
Adaptive Security Appliances (ASA) on Firepower 1000 and 2100 Series (FPR 1010, FPR 1120, FPR 1140; FPR 1150; FPR 2110, FPR 2120, FPR 2130, FPR 2140) |
ASA v9.16 |
NIAP Validation Completed (at Gossamer) |
2022.07.15 |
Adaptive Security Appliances (ASA) 5500-X, Industrial Security Appliances (ISA) 3000 and Adaptive Security Appliances Virtual (ASAv) (ASA 5508, ASA 5516, ISA 3000; ASAv5, ASAv10, ASAv30, ASAv50, ASAv100 running on ESXi 6.7 or 7.0 and Cisco UCS-C and E series, or running on NFVIS v4.4.2 on ENCS 5406, ENCS 5408, ENCS 5412) |
ASA v9.16 |
NIAP Validation Completed (at Gossamer) |
2022.07.14 |
Embedded Services Router (ESR) 5921 |
IOS 15.9M |
NIAP Validation Completed (at Acumen) |
2022.08.05 |
ASA on Firepower 4100 and 9300 Security Appliances (FPR 4110, FPR 4112, FPR 4115, FPR 4120, FPR 4125, FPR 4140, FPR4145, FPR 4150; FPR 9300 SM-24, FPR 9300 SM-36, FPR 9300 SM-40, FPR 9300 SM-44, FPR 9300 SM-48, FPR 9300 SM-56) |
ASA 9.16 |
NIAP Validation Complete (at Gossamer) |
2022.08.12 |
Cisco FTD 7.0 on Firepower 1000 and 2100 Series with FMC/FMCv (FPR 1010, FPR 1120, FPR 1140, FPR 1150, FPR 2110, FPR 2120, FPR 2130, FPR 2140, FMC1000, FMC2500, FMC4500, FMC1600, FMC2600) |
FTD 7.0 |
NIAP Validation Completed (at Gossamer) |
2023.01.31 |
Cisco FTD 7.0/FTDv on Firepower 4100 and 9300 Series with FMC/FMCv (FPR 4110, FPR 4112, FPR 4115, FPR 4120, FPR 4125 FPR 4140, FPR 4145, FPR 4150, FPR 9300 SM-24, FPR 9300 SM-36, FPR 9300 SM-40, FPR 9300 SM44, FPR 9300 SM-48 and. FPR 9300 SM-56, FMClO00, FMC2500, FMC4500, FMC 1600, FMC2600, FMC4600 and FMCv running on ESXi 6. 7 and 7 .0 and Cisco UCS-C and E series) |
FTD 7.0
|
NIAP Validation Completed (at Gossamer) |
2023.02.13 |
Catalyst Rugged Series Routers (IR8300) running IOS-XE v17.9 (IR8340-K9) |
IOS-XE v17.9 |
NIAP Validation Completed (at Acumen) |
2023.05.04 |
Cisco FTD 7.0/FTDv on ASA 5500 and ISA 3000 with FMC/FMCv" (ASA 5508, ASA 5516, ISA 3000, FMClO00, FMC2500, FMC4500, FMC1600, FMC2600, FMC4600 and FMCv running on ESXi 6.7 and 7.0 and Cisco UCS-C and E series and FTDv running on ESXi 6.7 or 7.0 and Cisco UCS-C and E series and FTDv running on NFVIS v4.4.2 on ENCS 5406, ENCS 5408 AND ENCS 5412) |
FTD 7.0 |
NIAP Validation Completed (at Gossamer) |
2023.02.13 |
Catalyst 8000V Edge (C8000V) running IOS-XE v17.9 (C8000V on Cisco UCS C-Series and general purpose computing platform) |
V17.9 |
NIAP Validation Completed (at Acumen) |
2023.05.04 |
Cisco 1000 Series Integrated Services Routers (ISR1000) running IOS-XE v17.9 (C1131) |
V17.9 |
NIAP Validation Completed (at Acumen) |
2023.05.04 |
Cisco Catalyst 8200 and 8500 Series Edge Routers running IOS-XE v17.6 (C8200-1N-4T, C8200L-1N-4T and C8500L-8S4X) |
IOS-XE v17.6 |
NIAP Validation Completed (at Acumen) |
2023.03.29 |
Forcepoint Next Generation Firewall (N120, N120W, N120WL, N120L, N60, N60L, 2201, 2205, 2210, 3401, 3405, 3410 running on ESXi 7.0) |
v6.10.9 |
NIAP Validation Completed (at Gossamer) |
2023.04.24 |
GoSilent Cube and GoSilent Server |
v25.01 |
NIAP Validation Completed (at Lightship Security USA) |
2022.12.22 |
7750 SR (7750 SR-7, 7750 SR-12, 7750 SR-12e, 7750 SR-1e, 7750 SR-2e, 7750 SR-3e, 7750 SR-a4, and 7750 SR-a8 with maxp10-10/1Gb-msec-sfp+ and me12-10/1gb-sfp+ MDAs) |
v20.10.R4 and 20.10.R12 |
NIAP Validation Completed (at Acumen) |
2021.10.22 |
PA-220R, PA-410, PA-415, PA-440, PA-445, PA-450, PA-460, PA-820, PA-850, PA-1410, PA-1420, PA-3220, PA-3250, PA-3260, PA-3410, PA-3420, PA-3430, PA-3440, PA-5220, PA-5250, PA-5260, PA-5280, PA-5410, PA-5420, PA-5430, PA-5440, PA-5450, PA-7050, and PA-7080 appliances and the virtual appliances in the VM-Series VM-50, VM-100, VM-200, VM-300, VM-500, VM-700, VM-1000-HV using VM ESXi with vSphere v7.0, Linux KVM and Microsoft Hyper-V Server 2012 R2, Server 2016 or Server 2019
|
PAN-OS 10.1, 10.2 and 11.0 |
NIAP Validation Completed (at Leidos) |
2022.08.31 |
MACSEC Ethernet Encryption Devices
Click for Selection
Vendor |
Model |
Version |
CNSSP-11 Compliance |
Certification Date |
Aggregation Services Router 9000 Series (ASR9K) (ASR 9006, ASR 9010, ASR 9901, ASR 9904, ASR 9906, ASR 9910, ASR 9912, ASR 9922, A9K-RSP880, A99-RP3, A9K-RSP5, A99-4X100GE, A99-8X100GE, A99-12X100GE, A9K-16X100GE, A99-32X100GE, A9K-4X100GE, A9K-8X100GE and A9K-MOD400) |
IOS-XR 7.1 |
NIAP Validation Completed (at Acumen) |
2022.04.18 |
Cisco, Catalyst 9400 and 9600 Series Switches (C9404R, C9407R, C9410R; Supervisor: C9400-SUP-1, C9400-SUP-1XL, C9400-SUP-1XL-Y; Linecards: C9400-LC-48U, C9400-LC-48T, C9400-LC-48P, C9400-LC-24XS, C9400-LC-48UX, C9400-LC-24S, C9400-LC-48S C9606R; Supervisor: C9600-SUP-1; Linecards: C9600-LC-24C, C9600-LC-48YL, C9600-LC-48TX, C9600-LC-24S) |
IOS-XE 17.6 |
NIAP Validation Completed (at Acumen) |
2022.06.30 |
Catalyst 9200/9200L Series Switches (C9200-24T, C9200-48T, C9200-24P, C9200-48P, C9200-24PB; C9200-48PB; C9200-24PXG; C9200-48PXG; Network Modules: C9200-NM-4G, C9200-NM-4X, C9200-NM-2Y, C9200-NM-2Q C9200L-24P-4G, C9200L-48P-4G, C9200L-48PL-4G, C9200L-24P-4X, C9200L-48P-4X, C9200L-48PL-4X, C9200L-24T-4G, C9200L-48T-4G, C9200L-24T-4X, C9200L-48T-4X, C9200L-24PXG-2Y, C9200L-48PXG-2Y, C9200L-24PXG-4X, C9200L-48PXG-4X) |
IOS-XE 17.6 |
NIAP Validation Completed (at Acumen) |
2022.06.30 |
Catalyst 9300 and 9500 Series Switches (C9300-24T, C9300-48T, C9300-24P, C9300-48P, C9300-24U, C9300-48U, C9300-24UX, C9300-48UXM, C9300-48UN, C9300-24S, C9300-48S, C9300D-24UB, C9300D-48UB, C9300D-24UXB, C9300-24H, C9300-48H, C9300L-24T-4G, C9300L-48T-4G, C9300L-24P-4G, C9300L-48P-4G, C9300L-24T-4X, C9300L-48T-4X, C9300L-24P-4X, C9300L-48P-4X, C9300L-48PF-4G, C9300L-48PF-4X, C9300L-24UXG-4X, C9300L-24UXG-2Q, C9300L-48UXG-4X, C9300L-48UXG-2Q, C9300X-12Y, C9300X-24Y, C9300X-48Y, C9300X-12Q; Network Models: C9300-NM-4G, C9300-NM-8X, C9300-NM-2Q, C9300-NM-4M, C9300-NM-2Y, C9300X-NM-8Y, C9300X-NM-4C, C9300X-NM-2C, C9300X-NM-8M, C9500-12Q, C9500-24Q, C9500-40X, C9500-16X, C9500-32C, C9500-32QC, C9500-24Y4C, C9500-48Y4C, Network Models: C9500-NM-8X, C9500-NM-2Q) |
IOS-XE 17.6 |
NIAP Validation Completed (at Acumen) |
2022.06.15 |
Cisco 8000 Series Routers running on IOS-XR 7.3 (8808-SYS, 8812-SYS, 8818-SYS, 8800-RP, 8800-FC, 8800-LC-48H, 8800-LC-36FH-36x400 and 8800-LC-36FH LC)
|
IOS-XR 7.3 |
NIAP Validation Completed (at Acumen) |
2022.11.10 |
Catalyst 9200 and 9200L Series Switches running on IOS-XE v17.9 (C9200-24T, C9200-48T, C9200-24P, C9200-48P, C9200-24PB, C9200-48PB, C9200-24PXG, C9200-28PXG, C9200-NM-4G, C9200-NM-4X, C9200-NM-2Y, C9200-NM-2Q, C9200L-24P-4G, C9200L24P-4G, C9200L-48P-4G, C9200L-48PL-4G, C9200L-24P-4X, C9200L-48P-4X, C9200L-48PL-4X, C9200L-24T-4G, C9200L-48T-4G, C9200L-24T-4X, C9200L-48T-4X, C9200L-24PXG-2Y, C9200L-48PXG-2Y, C9200L-24PXG-4X and C9200L-48PXG-4X |
v17.9
|
NIAP Validation Completed (at Gossamer) |
2023.07.25 |
Cisco Catalyst 8200 and 8500 Series Edge Routers running IOS-XE v17.6 (C8200-1N-4T, C8200L-1N-4T and C8500L-8S4X) |
IOS-XE v17.6
|
NIAP Validation Completed (at Acumen) |
2023.03.29 |
7750 SR (7750 SR-7, 7750 SR-12, 7750 SR-12e, 7750 SR-1e, 7750 SR-2e, 7750 SR-3e, 7750 SR-a4, and 7750 SR-a8 with maxp10-10/1Gb-msec-sfp+ and me12-10/1gb-sfp+ MDAs) |
v20.10.R4 and 20.10.R12 |
NIAP Validation Completed (at Acumen) |
2021.10.22 |
MDM
Click for Selections
Session Border Controller
Click for Selections
Vendor |
Model |
Version |
CNSSP-11 Compliance |
|
|
|
|
Enterprise Session Controller (aka SIP Server)
Click for Selections
Software Full Drive Encryption
Click for Selections
TLS Protected Servers
Click for Selections
TLS Software Applications
Click for Selections
Note: Components listed here are validated for their ability to establish a TLS connection as specified in the Capability Packages. Additional functionality not described within the Capability Packages and evaluated by the Protection Profile for Application Software are beyond the scope of CSfC approval.
Traffic Filtering Firewall
Click for Selections
Vendor |
Model |
Version |
CNSSP-11 Compliance |
Certification Date |
Aruba Mobility Controller 9004, 9012, 9240, 7005, 7008, 7010, 7024, 7030, 7205, 7210, 7220, 7240, 7240XM, 7280, MC-VA-50, MC-VA-250 and MC-VA-1k using ESXi v7 running on HPE EdgeLine EL8000, Pacstar 451/3 and GTS NXGEN-L 11/12 |
ArubaOS 8.10 |
NIAP Validation Completed (at Gossamer) |
2023.11.20 |
Adaptive Security Appliances (ASA) on Firepower 1000 and 2100 Series (FPR 1010, FPR 1120, FPR 1140; FPR 1150; FPR 2110, FPR 2120, FPR 2130, FPR 2140) |
ASA v9.16 |
NIAP Validation Completed (at Gossamer) |
2022.07.14 |
Adaptive Security Appliances (ASA) 5500-X, Industrial Security Appliances (ISA) 3000 and Adaptive Security Appliances Virtual (ASAv) (ASA 5508, ASA 5516, ISA 3000; ASAv5, ASAv10, ASAv30, ASAv50, ASAv100 running on ESXi 6.7 or 7.0 and Cisco UCS-C and E series, or running on NFVIS v4.4.2 on ENCS 5406, ENCS 5408, ENCS 5412) |
ASA v9.16 |
NIAP Validation Completed (at Gossamer) |
2022.07.14 |
ASA on Firepower 4100 and 9300 Security Appliances (FPR 4110, FPR 4112, FPR 4115, FPR 4120, FPR 4125, FPR 4140, FPR4145, FPR 4150; FPR 9300 SM-24, FPR 9300 SM-36, FPR 9300 SM-40, FPR 9300 SM-44, FPR 9300 SM-48, FPR 9300 SM-56) |
ASA 9.16 |
NIAP Validation Ongoing (at Gossamer) |
2022.08.12 |
Cisco FTD 7.0 on Firepower 1000 and 2100 Series with FMC/FMCv (FPR 1010, FPR 1120, FPR 1140, FPR 1150, FPR 2110, FPR 2120, FPR 2130, FPR 2140, FMC1000, FMC2500, FMC4500, FMC1600, FMC2600, FMC4600 and FMCv running on ESXi 6.7 or 7.0 and Cisco USC-C and E series
|
FTD 7.0 |
NIAP Validation Completed (at Gossamer) |
2023.01.31 |
Cisco FTD 7.0/FTDV on ASA 5500 and ISA 3000 with FMC/FMCv (ASA 5508, ASA 5516, ISA 3000, FMCl000, FMC2500, FMC4500, FMC1600, FMC2600, FMC4600 and FMCv running on ESXi 6.7 and 7.0 and Cisco UCS-C and E series and FTDv running on ESXi 6.7 or 7.0 and Cisco UCS-C and E series and FTDv running on NFVIS v4.4.2 on ENCS 5406, ENCS 5408 AND ENCS 5412) |
FTD 7.0
|
NIAP Validation Completed (at Gossamer) |
2023.02.13 |
Forcepoint Next Generation Firewall (N120, N120W, N120WL, N120L, N60, N60L, 2201, 2205, 2210, 3401, 3405, 3410 running on ESXi 7.0) |
v6.10.9 |
NIAP Validation Completed (at Gossamer) |
2023.04.24 |
PA-220R, PA-410, PA-415, PA-440, PA-445, PA-450, PA-460, PA-820, PA-850, PA-1410, PA-1420, PA-3220, PA-3250, PA-3260, PA-3410, PA-3420, PA-3430, PA-3440, PA-5220, PA-5250, PA-5260, PA-5280, PA-5410, PA-5420, PA-5430, PA-5440, PA-5450, PA-7050, and PA-7080 appliances and the virtual appliances in the VM-Series VM-50, VM-100, VM-200, VM-300, VM-500, VM-700, VM-1000-HV using VM ESXi with vSphere v7.0, Linux KVM and Microsoft Hyper-V Server 2012 R2, Server 2016 or Server 2019
|
PAN-OS 10.1, 10.2 and 11.0 |
NIAP Validation Completed (at Leidos) |
2022.08.31 |
VoIP Applications
Click for Selections
Web Browsers
Click for Selections
Vendor |
Model |
Version |
CNSSP-11 Compliance |
WIDS/WIPS
There is currently no WIDS/WIPS Selection document.
Vendor |
Model |
Version |
CNSSP-11 Compliance |
Certification Date |
Commscope Technologies LLC |
Ruckus SmartZone WLAN Controllers and Access Points with WIDS |
R5.2.1.3 |
NIAP Validation Completed (at Gossamer) |
2023.09.19 |
WLAN Access System
Click for Selections
Vendor |
Model |
Version |
CNSSP-11 Compliance |
Certification Date |
HPE Aruba Networking |
Aruba Mobility Controller 9004, 9012, 9240, 7005, 7008, 7010, 7024, 7030, 7205, 7210, 7220, 7240, 7240XM, 7280, MC-VA-50, MC-VA-250 and MC-VA-1k using ESXi v7 running on HPE EdgeLine EL8000, Pacstar 451/3 and GTS NXGEN-L 11/12 |
ArubaOS 8.10 |
NIAP Validation Completed (at Gossamer) |
2023.05.19 |
Commscope Technologies LLC |
Ruckus SmartZone WLAN Controllers and Access Points with WIDS |
R5.2.1.3 |
NIAP Validation Completed (at Gossamer) |
2023.09.19 |
WLAN Client
All validated End User Device / Mobile Platform components include validated WLAN Client implementations