National Information Assurance Partnership
Common Criteria Evaluation and Validation Scheme
Validation Report
for
Trend Micro TippingPoint Threat Protection System
(TPS) v5.1
Report Number: CCEVS-VR-VID10949-2019
Dated: 30 January 2019
Version: 1.0
National Institute of Standards and Technology National Security Agency
Information Technology Laboratory Information Assurance Directorate
100 Bureau Drive 9800 Savage Road STE 6940
Gaithersburg, MD 20899 Fort George G. Meade, MD 20755-6940
®
TM
VALIDATION REPORT
Trend Micro TippingPoint Threat Protection System (TPS) v5.1
Page 1 of 19
Acknowledgements
Validation Team
Paul Bicknell, Senior
John Butterworth, Lead
Michelle Carlson
Stelios Melachrinoudis, Lead
The MITRE Corporation
Bedford, MA
Common Criteria Testing Laboratory
Leidos Inc.
Columbia, MD
VALIDATION REPORT
Trend Micro TippingPoint Threat Protection System (TPS) v5.1
Page 2 of 19
Table of Contents
1 Executive Summary.............................................................................................................3
Interpretations .............................................................................................................4
Threats.........................................................................................................................4
2 Identification........................................................................................................................5
3 Security Policy.....................................................................................................................6
Security Audit.............................................................................................................6
Cryptographic Support................................................................................................6
Identification and Authentication ...............................................................................6
Security Management .................................................................................................7
Protection of the TSF..................................................................................................7
TOE Access ................................................................................................................7
Trusted Path/Channels ................................................................................................7
4 Assumptions and Clarification of Scope..............................................................................8
Assumptions................................................................................................................8
Clarification of Scope .................................................................................................8
5 TOE Evaluated Configuration ...........................................................................................10
Evaluated Configuration ...........................................................................................10
Excluded Functionality.............................................................................................10
6 Documentation...................................................................................................................11
7 Independent Testing...........................................................................................................12
Test Configuration ....................................................................................................12
Vulnerability Analysis ..............................................................................................12
8 Results of the Evaluation ...................................................................................................14
9 Validator Comments/Recommendations ...........................................................................15
10 Annexes..............................................................................................................................16
11 Security Target...................................................................................................................17
12 Abbreviations and Acronyms ............................................................................................18
13 Bibliography ......................................................................................................................19
List of Tables
Table 1: Evaluation Details............................................................................................................. 5
Table 2: TOE Security Assurance Requirements ......................................................................... 14
VALIDATION REPORT
Trend Micro TippingPoint Threat Protection System (TPS) v5.1
Page 3 of 19
1 Executive Summary
This report is intended to assist the end-user of this product and any security certification agent for that
end-user in determining the suitability of this Information Technology (IT) product in their environment.
End-users should review the Security Target (ST), which is where specific security claims are made, in
conjunction with this Validation Report (VR), which describes how those security claims were evaluated
and tested and any restrictions on the evaluated configuration. Prospective users should carefully read the
Assumptions and Clarification of Scope in Section 4 and the Validator Comments in Section 9, where any
restrictions on the evaluated configuration are highlighted.
This report documents the National Information Assurance Partnership (NIAP) assessment of the
evaluation of the Trend Micro TippingPoint Threat Protection System (TPS) v5.1 (the Target of
Evaluation, or TOE). It presents the evaluation results, their justifications, and the conformance results.
This VR is not an endorsement of the TOE by any agency of the U.S. Government and no warranty of the
TOE is either expressed or implied. This VR applies only to the specific version and configuration of the
product as evaluated and as documented in the ST.
The evaluation of the Trend Micro TippingPoint Threat Protection System (TPS) v5.1 was performed by
Leidos Common Criteria Testing Laboratory (CCTL) in Columbia, Maryland, USA, and was completed
in January 2019.
The evaluation was conducted in accordance with the requirements of the Common Criteria and Common
Methodology for IT Security Evaluation (CEM), version 3.1, revision 4 ([1], [2], [3], [4]) and activities
specified in the following document:
 Evaluation Activities for Network Device cPP, Version 2.0 + Errata 20180314, March 2018
[6]
The evaluation was consistent with NIAP Common Criteria Evaluation and Validation Scheme (CCEVS)
policies and practices as described on their web site (www.niap-ccevs.org).
The product comprises network appliances and virtual appliances on specified hardware used to facilitate
threat protection, shield computing infrastructure from network vulnerabilities, block exploits, and defend
against known and zero-day attacks. The focus of the evaluation was on the product’s conformance to the
security functionality specified in the following documents:
 collaborative Protection Profile for Network Devices, Version 2.0 + Errata 20180314, 14
March 2018 [5]
The security functions specified in this Protection Profile include protection of communications between
the TOE and external IT entities, identification and authentication of administrators, auditing of security-
relevant events, and ability to verify the source and integrity of updates to the TOE.
The Leidos evaluation team determined that the TOE is conformant to the claimed Protection Profile and,
when installed, configured and operated as specified in the evaluated guidance documentation, satisfies
all the security functional requirements stated in the ST. The information in this VR is largely derived
from the Assurance Activities Report (AAR) ([13]) and the associated test report produced by the Leidos
evaluation team ([15]).
The validation team reviewed the evaluation outputs produced by the evaluation team, in particular the
AAR and associated test report. The validation team found that the evaluation showed that the TOE
satisfies all the security functional and assurance requirements stated in the ST. The evaluation also
showed that the TOE is conformant to the claimed Protection Profile and that the evaluation activities
specified in [6] had been performed appropriately. Therefore, the validation team concludes that the
testing laboratory’s findings are accurate, the conclusions justified, and the conformance results are
VALIDATION REPORT
Trend Micro TippingPoint Threat Protection System (TPS) v5.1
Page 4 of 19
correct. The conclusions of the testing laboratory in the Evaluation Technical Report are consistent with
the evidence produced.
Interpretations
The following NIAP Technical Decisions were applied during the course of this evaluation:
 TD0259: NIT Technical Decision for Support for X509 ssh rsa authentication IAW RFC
6187
 TD0260: NIT Technical Decision for Typo in FCS_SSHS_EXT.1.4
 TD0290: NIT technical decision for physical interruption of trusted path/channel
 TD0291: NIT technical decision for DH14 and FCS_CKM.1
 TD0334: NIT Technical Decision for Testing SSH when password-based authentication
is not supported.
 TD0336: NIT Technical Decision for Audit requirements for FCS_SSH*_EXT.1.8
 TD0337: NIT Technical Decision for Selections in FCS_SSH*_EXT.1.6
 TD0338: NIT Technical Decision for Access Banner Verification
 TD0339: NIT Technical Decision for Making password-based authentication optional in
FCS_SSHS_EXT.1.2
All other Technical Decisions were found to be not applicable to the TOE, either because they were not
related to the claimed Protection Profile or because they related to optional or selection-based
functionality that was not claimed in the TOE’s Security Target [7].
Threats
The Security Problem Definition, including the threats, may be found in the collaborative Protection
Profile for Network Devices, Version 2.0 +.
VALIDATION REPORT
Trend Micro TippingPoint Threat Protection System (TPS) v5.1
Page 5 of 19
2 Identification
The CCEVS is a joint National Security Agency (NSA) and National Institute of Standards and Technology
(NIST) effort to establish commercial facilities to perform trusted product evaluations. Under this program,
commercial testing laboratories called Common Criteria Testing Laboratories (CCTLs) use the Common
Criteria and Common Methodology for IT Security Evaluation (CEM) to conduct security evaluations, in
accordance with National Voluntary Laboratory Assessment Program (NVLAP) accreditation.
The NIAP Validation Body assigns Validators to monitor the CCTLs to ensure quality and consistency
across evaluations. Developers of IT products desiring a security evaluation contract with a CCTL and pay
a fee for their product’s evaluation. Upon successful completion of the evaluation, the product is added to
NIAP’s Product Compliant List (PCL).
The following table provides information needed to completely identify the product and its evaluation.
Table 1: Evaluation Details
Evaluated Product: Trend Micro TippingPoint Threat Protection System (TPS) v5.1
Sponsor & Developer: Trend Micro, Inc.
11305 Alterra Parkway
Austin, TX 78758
CCTL: Leidos
Common Criteria Testing Laboratory
6841 Benjamin Franklin Drive
Columbia, MD 21046
Completion Date: January 30, 2019
CC: Common Criteria for Information Technology Security Evaluation,
Version 3.1, Revision 4, September 2012
CEM: Common Methodology for Information Technology Security
Evaluation: Version 3.1, Revision 4, September 2012
Protection Profiles: collaborative Protection Profile for Network Devices, Version 2.0 +
Errata 20180314, 14 March 2018
Disclaimer: The information contained in this Validation Report is not an
endorsement either expressed or implied of the TOE
Evaluation Personnel: Anthony Apted
Greg Beaver
Justin Fisher
Allen Sant
Kevin Steiner
Validation Personnel: Paul Bicknell
John Butterworth
Michelle Carlson
Stelios Melachrinoudis
VALIDATION REPORT
Trend Micro TippingPoint Threat Protection System (TPS) v5.1
Page 6 of 19
3 Security Policy
The TOE enforces the following security policies as described in the ST.
Note: Much of the description of the security policy has been derived from the ST and the ETR.
Security Audit
The TOE is able to generate audit records for security relevant events specified in the claimed PP. The
TOE can be configured to store the audit records locally on the TOE and can also be configured to send
the logs to a designated external log server. The audit records in local audit storage cannot be modified or
deleted. In the event the space available for storing audit records locally is exhausted, the TOE deletes
the oldest historical log file, renames the current log file to be a historical file, and creates a new current
log file. The TOE will write a warning to the audit trail when the space available for storage of audit
records exceeds 75% space remaining threshold.
Cryptographic Support
The TOE is operated in FIPS mode and includes FIPS-approved and NIST-recommended cryptographic
algorithms. The TOE provides cryptographic mechanisms for symmetric encryption and decryption,
cryptographic signature services, cryptographic hashing services, keyed-hash message authentication
services, deterministic random bit generation seeded from a suitable entropy source, and key zeroization.
The cryptographic mechanisms support SSH used for secure communication, both as client and server.
Identification and Authentication
The TOE requires users (i.e., administrators) to be successfully identified and authenticated before they
can access any security management functions available in the TOE. The TOE offers both a locally
connected console and a network accessible interface over SSH to support administration of the TOE.
The TOE supports the local (i.e., on device) definition of administrators with usernames and passwords.
When a user is authenticated at the local console, no information about the authentication data (i.e.,
password) is echoed to the user. Passwords can be composed of any combination of upper and lower case
letters, numbers, and the following special characters: !; @; #; $; %; ^; &; *; (; ); ,; .; ?; <; >; and /.
The TOE provides authentication failure handling for remote administrator access. When the defined
number of unsuccessful authentication attempts has been reached, the remote administrator accessing the
TOE via SSH is locked out for an administrator configurable period of time. Authentication failures by
VALIDATION REPORT
Trend Micro TippingPoint Threat Protection System (TPS) v5.1
Page 7 of 19
remote Administrators cannot lead to a situation where no Administrator access is available to the TOE
since administrator access is still available via local console.
Security Management
The TOE provides administrator roles and supports local and remote administration. The TOE supports
Super User, Admin, and Operator roles that map to the Security Administrator role in the protection
profile. Each user must be assigned a role in order to perform any management action.
Protection of the TSF
The TOE protects sensitive data such as stored passwords and cryptographic keys so that they are not
accessible even by an administrator. It also provides its own timing mechanism that ensures reliable time
information is available.
The TOE provides mechanisms to view the current version of the TOE and to install updates of the TOE
software. TOE updates are initiated manually by the Super User or Admin, who can verify the integrity of
the update prior to installation using a digital signature.
The TOE performs tests for software module integrity and cryptographic known-answer tests.
TOE Access
The TOE implements administrator-configurable session inactivity limits for local interactive sessions at
the console and for SSH sessions. The TOE will terminate such sessions when the inactivity period
expires. In addition, administrators can terminate their own interactive sessions by logging out at the
console and SSH.
The TOE supports an administrator-configurable TOE access banner that is displayed prior to a user
completing the login process at the CLI. This is implemented for both local and remote management
connections (console, SSH).
Trusted Path/Channels
The TOE protects interactive communication with remote administrators using SSH. SSH ensures
confidentiality of transmitted information and detects any loss of integrity.
The TOE also uses SSH to protect the transmission of audit records to an external audit server.
VALIDATION REPORT
Trend Micro TippingPoint Threat Protection System (TPS) v5.1
Page 8 of 19
4 Assumptions and Clarification of Scope
Assumptions
The ST references the PPs to which it claims conformance for assumptions about the use of the TOE. Those
assumptions, drawn from the claimed PPs, are as follows:
 The device is assumed to be physically protected in its operational environment and not subject to
physical attacks that compromise the security and/or interfere with the device’s physical
interconnections and correct operation. This protection is assumed to be sufficient to protect the
device and the data it contains.
 The device is assumed to provide networking and filtering functionality as its core function and not
provide functionality/services that could be deemed as general-purpose computing. For example,
the device should not provide computing platform for general purpose applications (unrelated to
networking/filtering functionality).
 A standard/generic network device does not provide any assurance regarding the protection of
traffic that traverses it. The intent of the functionality that is evaluated for conformance to the
NDcPP is for the network device to protect data that originates on or is destined to the device itself,
to include administrative data and audit data.
 The authorized administrators for the device are assumed to be trusted and to act in the best interest
of security for the organization. This includes being appropriately trained, following policy, and
adhering to guidance documentation. Administrators are trusted to ensure passwords/credentials
have sufficient strength and entropy and to lack malicious intent when administering the device.
The device is not expected to be capable of defending against a malicious administrator that actively
works to bypass or compromise the security of the device.
 The device firmware and software is assumed to be updated by an administrator on a regular basis
in response to the release of product updates due to known vulnerabilities.
 The administrator’s credentials (private key) used to access the device are protected by the platform
on which they reside.
Clarification of Scope
All evaluations (and all products) have limitations, as well as potential misconceptions that need
clarifying. This text covers some of the more important limitations and clarifications of this evaluation.
Note that:
 As with any evaluation, this evaluation only shows that the evaluated configuration meets the
security claims made, with a certain level of assurance (the evaluation activities specified in
Evaluation Activities for Network Device cPP [6] and performed by the evaluation team).
 This evaluation covers only the specific device models and software version identified in this
document, and not any earlier or later versions released or in process.
 The evaluation of security functionality of the product was limited to the functionality specified in
Trend Micro TippingPoint Threat Protection System (TPS) v5.1 Security Target, Version 1.0,
January 11, 2019 [7].
 Only the following protocols implemented by the product have been tested, and only to the extent
specified by the security functional requirements: SSH.
VALIDATION REPORT
Trend Micro TippingPoint Threat Protection System (TPS) v5.1
Page 9 of 19
 The TOE appliances consist of software and hardware and do not rely on the operational
environment for any supporting security functionality.
 The TOE can be configured to use the following components in its operational environment,
however, these components have not been evaluated and their use with the TOE is not covered by
this evaluation:
o Administrator workstation—computer connected either directly or remotely to the
appliance’s Management port via an RJ-45 Ethernet cable. The Management port is an out-
of-band management port that provides access to the CLI via SSH.
o syslog server
 This evaluation did not specifically search for, nor attempt to exploit, vulnerabilities that were not
“obvious” or vulnerabilities to objectives not claimed in the ST. The CEM defines an “obvious”
vulnerability as one that is easily exploited with a minimum of understanding of the TOE, technical
sophistication and resources.
 The TOE must be installed, configured and managed as described in the documentation referenced
in section 6 of this Validation Report.
 The evaluated configuration comprises individual TPS devices managed in isolation, and not a
distributed solution. Additionally, when deploying the TOE in a virtualized environment, the VM-
Series virtual appliance must be the only guest running in the virtualized environment, and no other
non-network applications may be running on the VM.
VALIDATION REPORT
Trend Micro TippingPoint Threat Protection System (TPS) v5.1
Page 10 of 19
5 TOE Evaluated Configuration
Evaluated Configuration
Trend Micro TippingPoint Threat Protection System (TPS) v5.1, as configured in accordance with the
guidance documentation listed in Section 6 of this Validation Report. The specific appliance models
include:
 TPS 440T
 TPS 2200T (1 Gbps)
 TPS 2200T (2 Gbps)
 TPS 8200TX
 TPS 8400TX
 vTPS
The vTPS model was tested using both VMware ESXi v6.5 and RHEL KVM v7.1. The host platforms for
the VM hypervisors were tested using Intel Xeon processors.
The vTPS virtual appliance must be the only guest running in the virtualized environment, in accordance
with the requirements of the NDcPP.
Excluded Functionality
All product functionality that is not claimed by the Security Target as part of achieving exact conformance
to the NDcPP is excluded from the evaluation scope. The product also has the following exclusions:
 The TippingPoint Threat Protection System product includes a Local Security Management
(LSM) component that provides remote administrative management. The LSM is a GUI over
HTTPS. In the evaluated configuration, all management must be performed using the CLI.
 The TPS devices can be configured to use sFlow record emission to sample a random flow of
traffic and send the data to a collector server for analysis. SFlow and collector services are
not in the evaluated configuration.
 Two TippingPoint Threat Protection appliances can be installed in a redundant network
configuration. This system configuration provides High Availability (HA), ensuring that the
network traffic always flows at wire speeds in the event of any internal hardware or software
failure on the device. HA is not included in the evaluated configuration.
 TippingPoint Threat Protection appliances can be installed in a stacking configuration.
Stacking enables an increase in the overall inspection capacity of TPS by grouping multiple
TX Series devices and pooling their resources. Stacking configurations are not included in
the evaluated configuration.
 Optional bypass I/O modules are available for the 8200TX and 8400TX security devices that
provide high availability for copper and fiber segments. These modules are not included in
the evaluated configuration.
VALIDATION REPORT
Trend Micro TippingPoint Threat Protection System (TPS) v5.1
Page 11 of 19
6 Documentation
Trend Micro offers guidance documents describing the installation process for the TOE as well as
guidance for subsequent administration and use of the applicable security features. The guidance
documentation examined during the evaluation and delivered with each TOE model is as follows:
 Trend Micro TippingPoint Threat Protection System Hardware Specification and Installation
Guide, Version 5.1, July 2018 [9]
 Trend Micro TippingPoint Threat Protection System (TPS) Command Line Interface reference,
October 2018 [8]
 Trend Micro Common Criteria Evaluated Configuration Guide (CCECG) for TPS v5.1, Version
1.0, 11 January 2019 [13]
The following guidance is also provided for initial setup purposes, but it is only necessary to reference the
guidance that relates to the specific TOE model(s) being installed:
 Trend Micro TippingPoint Threat Protection System Install Your 440T and 2200T Security
Devices, Revision 6, July 2018 [10]
 Trend Micro TippingPoint Threat Protection System Install Your 8200TX and 8400TX Security
Devices, Revision 2, July 2018 [11]
 Trend Micro TippingPoint Virtual Threat Protection System (vTPS) Deployment Guide, Version
5.1, July 2018 [12]
To use the product in the evaluated configuration, the product must be configured as specified in these
guides.
Any additional customer documentation provided with the product, or that which may be available online
was not included in the scope of the evaluation and therefore should not be relied upon to configure or
operate the device as evaluated. Consumers are encouraged to download this CC configuration guide
(CCECG above) from the NIAP website.
VALIDATION REPORT
Trend Micro TippingPoint Threat Protection System (TPS) v5.1
Page 12 of 19
7 Independent Testing
This section describes the testing efforts of the evaluation team. It is derived from information contained
in the following proprietary documents:
 Trend Micro TippingPoint Threat Protection System (TPS) v5.1 Common Criteria Test Report
and Procedures for Network Device collaborative PP Version 2.0 [14]
A non-proprietary version of the tests performed and samples of the evidence that was generated is
summarized in the following document:
 Assurance Activities Report for Trend Micro TippingPoint Threat Protection System (TPS) [15]
The purpose of the testing activity was to confirm the TOE behaves in accordance with the TOE security
functional requirements as specified in the ST for a product claiming conformance to collaborative
Protection Profile for Network Devices [5].
The evaluation team devised a Test Plan based on the Testing Assurance Activities specified in
collaborative Protection Profile for Network Devices [5]. The Test Plan described how each test activity
was to be instantiated within the TOE test environment. The evaluation team executed the tests specified
in the Test Plan and documented the results in the team test report listed above.
Independent testing took place at Leidos CCTL facilities in Columbia, Maryland.
The evaluators received the TOE in the form that normal customers would receive it, installed and
configured the TOE in accordance with the provided guidance, and exercised the Team Test Plan on
equipment configured in the testing laboratory.
Given the complete set of test results from the test procedures exercised by the evaluators, the testing
requirements for collaborative Protection Profile for Network Devices [5] were fulfilled.
Test Configuration
The evaluated version of the TOE consists of Trend Micro TippingPoint Threat Protection System (TPS)
5.1 running on any of the following physical and virtual appliances:
 TPS 440T
 TPS2200T
 TPS8200TX
 TPS8400TX
 vTPS
The TOE must be deployed as described in section 4.1 of this Validation Report and be configured in
accordance with the Trend Micro TippingPoint Threat Protection System (TPS) Command Line Interface
reference [8] and Trend Micro Common Criteria Evaluated Configuration Guide (CCECG) for TPS v5.1
[13].
Vulnerability Analysis
The evaluation team performed a vulnerability analysis following the processes described in the claimed
Protection Profiles and using the flaw-hypothesis methodology. This included a search of public
vulnerability databases and development of Type 3 flaw hypotheses in accordance with Section A.3 of
[6]. These searches were performed during the evaluation and then re-performed a final time on
VALIDATION REPORT
Trend Micro TippingPoint Threat Protection System (TPS) v5.1
Page 13 of 19
November 30, 2018 to ensure that no additional public vulnerabilities were disclosed prior to the
completion of the evaluation.
The evaluation team searched the National Vulnerability Database
(http://web.nvd.nist.gov/view/vuln/search) and several other public vulnerability repositories.
The keyword searches included the following terms:
 “TippingPoint”
 “threat protection”
 “TCP”
 “SSH”
 “openssh” – specifically, only results for version 7.5p1 or newer were considered
 “openssl” – specifically, only results for version 1.0.2l or newer were considered
 “Linux” – specifically, only results for version 4.4.85 or newer were considered
The conclusion drawn from the vulnerability analysis is that no residual vulnerabilities exist that are
exploitable by attackers with Basic Attack Potential as defined by the Certification Body in accordance
with the guidance in the CEM.
VALIDATION REPORT
Trend Micro TippingPoint Threat Protection System (TPS) v5.1
Page 14 of 19
8 Results of the Evaluation
The evaluation was conducted based upon the assurance activities specified in the following documents, in
conjunction with Version 3.1, Revision 4 of the CC and CEM:
 Evaluation Activities for Network Device cPP, Version 2.0 + Errata 20180314, March 2018 [6]
A verdict for an assurance component is determined by the resulting verdicts assigned to the corresponding
evaluator action elements. The evaluation team assigned a Pass, Fail, or Inconclusive verdict to each work
unit of each assurance component. For Fail or Inconclusive work unit verdicts, the evaluation team advised
the developer of issues requiring resolution or clarification within the evaluation evidence. In this way, the
evaluation team assigned an overall Pass verdict to the assurance component only when all of the work
units for that component had been assigned a Pass verdict.
The validation team’s assessment of the evidence provided by the evaluation team is that it demonstrates
that the evaluation team performed the assurance activities in the claimed PPs, and correctly verified that
the product meets the claims in the ST.
The details of the evaluation are recorded in the Evaluation Technical Report (ETR), which is controlled
by the Leidos CCTL. The security assurance requirements are listed in the following table.
Table 2: TOE Security Assurance Requirements
Assurance Component ID Assurance Component Name
ADV_FSP.1 Basic functional specification
AGD_OPE.1 Operational user guidance
AGD_PRE.1 Preparative procedures
ALC_CMC.1 Labeling of the TOE
ALC_CMS.1 TOE CM coverage
ATE_IND.1 Independent testing – conformance
AVA_VAN.1 Vulnerability survey
VALIDATION REPORT
Trend Micro TippingPoint Threat Protection System (TPS) v5.1
Page 15 of 19
9 Validator Comments/Recommendations
The validators suggest that the consumer pay particular attention to the evaluated configuration of the
device(s). As stated in the Clarification of Scope, the functionality evaluated is scoped exclusively to the
security functional requirements specified in the Security Target, and the only evaluated functionality was
that which was described by the SFRs claimed in the Security Target. All other functionality provided by
the devices, to include software that was not part of the evaluated configuration, needs to be assessed
separately and no further conclusions can be drawn about their effectiveness.
VALIDATION REPORT
Trend Micro TippingPoint Threat Protection System (TPS) v5.1
Page 16 of 19
10 Annexes
Not applicable
VALIDATION REPORT
Trend Micro TippingPoint Threat Protection System (TPS) v5.1
Page 17 of 19
11 Security Target
The ST for this product’s evaluation is TippingPoint Threat Protection System (TPS) v5.1 Security Target,
Version 1.0, 11 January 2019 [7].
VALIDATION REPORT
Trend Micro TippingPoint Threat Protection System (TPS) v5.1
Page 18 of 19
12 Abbreviations and Acronyms
This section identifies abbreviations and acronyms used in this document.
AAR Assurance Activities Report
CC Common Criteria for Information Technology Security Evaluation
CCEVS Common Criteria Evaluation and Validation Scheme
CCTL Common Criteria Testing Laboratory
CEM Common Evaluation Methodology for Information Technology Security
CM Configuration Management
ETR Evaluation Technical Report
IT Information Technology
NIAP National Information Assurance Partnership
NIST National Institute of Standards and Technology
NSA National Security Agency
NVLAP National Voluntary Laboratory Assessment Program
PCL Product Compliant List
PP Protection Profile
ST Security Target
TOE Target of Evaluation
TSF TOE Security Function
VR Validation Report
VALIDATION REPORT
Trend Micro TippingPoint Threat Protection System (TPS) v5.1
Page 19 of 19
13 Bibliography
The Validation Team used the following documents to produce this Validation Report:
[1] Common Criteria for Information Technology Security Evaluation Part 1: Introduction, Version
3.1, Revision 4, September 2012.
[2] Common Criteria for Information Technology Security Evaluation Part 2: Security Functional
Requirements, Version 3.1 Revision 4, September 2012.
[3] Common Criteria for Information Technology Security Evaluation Part 3: Security Assurance
Components, Version 3.1 Revision 4, September 2012.
[4] Common Methodology for Information Technology Security Evaluation, Evaluation
Methodology, Version 3.1, Revision 4, September 2012.
[5] collaborative Protection Profile for Network Devices, Version 2.0 + Errata 20180314, 14 March
2018
[6] Evaluation Activities for Network Device cPP, Version 2.0 + Errata 20180314, March 2018
[7] Trend Micro TippingPoint Threat Protection System (TPS) v5.1 Security Target, Version 1.0,
January 11, 2019
[8] Trend Micro TippingPoint Threat Protection System (TPS) Command Line Interface reference,
October 2018
[9] Trend Micro TippingPoint Threat Protection System Hardware Specification and Installation
Guide, Version 5.1, July 2018
[10] Trend Micro TippingPoint Threat Protection System Install Your 440T and 2200T Security
Devices, Revision 6, July 2018
[11] Trend Micro TippingPoint Threat Protection System Install Your 8200TX and 8400TX Security
Devices, Revision 2, July 2018
[12] Trend Micro TippingPoint Virtual Threat Protection System (vTPS) Deployment Guide, Version
5.1, July 2018
[13] Trend Micro Common Criteria Evaluated Configuration Guide (CCECG) for TPS v5.1, Version
1.0, 11 January 2019
[14] Trend Micro TippingPoint Threat Protection System (TPS) v5.1 Common Criteria Test Report
and Procedures for Network Device collaborative PP Version 2.0, January 11, 2019
[15] Assurance Activities Report for Trend Micro TippingPoint Threat Protection System (TPS),
Version 1.1, January 11, 2019