Network Fundamentals and Firewalls

CCDB iTC Liaison: UK

Introduction and Status

The CCDB has established a Work Group to assist in creating an iTC (and hence cPPs) for Network Fundamentals and Firewalls (the Work Group name is abbreviated to "CCDB NDFW WG"). The Work Group comprises participants from 10 nations, at present: Australia, Canada, India, Japan, Norway, Republic of Korea, Sweden, Turkey, the UK, and the US.

The invitation notice for joining the iTC, with contact details, can be found here: iTC invitation letter

The iTC formation is currently being coordinated via

Version 2

The Network iTC is pleased to announce the public review of the next version of the Network Device cPP and Supporting Document. This second version introduces a number of changes, most notably support for distributed TOEs, and also includes a number of interpretations from the NIT as well as numerous consistency changes. This public review doesn’t include a new version of the Stateful Traffic Filtering Firewall cPP and SD; however, all of the changes made to the Network cPP and SD will be reflected in an updated Firewall cPP and SD, which will be released alongside the final Network Device cPP and SD. The new version of the Firewall cPP and SD will not modify any of the firewall-specific requirements or evaluation activities from version 1.0.

Posted below are both change-marked and non-change-marked versions of the new draft cPP and SD. Note that due to a change in template, the change-marked version of the SD highlights numerous editorial changes to fit around the new template structure. To aid reviewing, also posted are the consolidated feedback forms from the internal iTC review and a change summary that provides a high-level view of the changes implemented across both documents.

The public review will close on Friday 19 August 2016. All feedback should be submitted before this date using this review template. Completed review forms should be e-mailed to

Version 2 Addendum - DTLS

The Network iTC has released an additional document for public review as part of the next version of the Network cPP and SD. This document outlines the SFRs and EAs associated with the addition of DTLS as a secure communications protocol for protecting inter-TOE communications within a distributed TOE. The document includes an introductory narrative that does not require feedback; reviewers should instead focus on providing feedback against the SFRs and EAs, which begin on page 6. The intention of the iTC is to integrate the DTLS SFRs and EAs once the public review period has closed. Due to this late addition, the iTC is extending the deadline for feedback until Friday September 2nd. Feedback relating to this document should be supplied on a separate review template and submitted to

Version 1

Network Device cPP and Network Device Supporting Document and Firewall cPP and Firewall Supporting Documents are Published!

The associated Endorsement Statements

Version 1 Background Information

Initial Essential Security Requirements (ESR) and Position Statements

The group has produced two statements, the FW 'Essential Security Requirements' (ESR) and the ND ESR, which represent the common needs of the WG members in these areas.

The associated Position Statements:

Security Problem Definition (SPD)

A set of draft requirements (in the form of a zipped set of documents for individual functional areas) for the Network Device and Firewall has been written and is open for comment until September 1st by using the following comment sheet: NDFW Requirements Comment Sheet and sending it to

ND cPP and ND Supporting Document and STFF cPP and STFF Supporting Documents are Published!

The preliminary Network Device cPP and Stateful Traffic Filtering Firewall cPP and the associated Supporting Documents Network Device and Stateful Traffic Filtering Firewall were released for public review. The cPPs and Supporting Documents were updated based on the feedback received from several schemes. The iTC’s comments based on the feedback can be found below: