ICSA Labs tests firewall products against a standard yet evolving set of criteria. Our Firewall Certification Criteria is composed of both functional and assurance requirements. Our criteria requirements define an industry-accepted standard that all products claiming to have firewalling capabilities must attain.
Historically the ICSA Labs Firewall Product Certification Criteria has taken a "one size fits all" approach. The intent being that every product would have to meet the same requirements in order to be certified. However, the firewall market has evolved significantly since ICSA Labs introduced version 1.0 of the Firewall Product Certification Criteria in 1996. Version 4.1x of the ICSA Labs Modular Firewall Certification Criteria accommodates the evolution of the firewall market.
Version 4.0, the previous version of the criteria, was the culmination of over a year and half of work with industry experts, end users and the Firewall Product Developers Consortium - an international forum of competing developers of firewall products that work toward common goals to benefit both members and end users.
Version 4.1x reflects the different functional requirements in today's multi-segmented firewall market.
Points worth noting with respect to this version 4.1x:
Additionally, 4.1x introduces a new certification category. - Enterprise. The Enterprise module certification requirements, combined with the requirements contained within the Baseline module, derive the requriements for this new certification category.
This new category contains all of the requirements found within the Corporate category module. Addtionally, in order to be granted Enterpise certification a product must meet High Availability (HA), Voice over IP (VoIP) and IPv6 requirements.
Finally, unlike the Residential, Small-Medium Business (SMB) or Corporate categories, NTP or SNTP is a MUST requirement in order to achieve Enterprise certification.
The 4.1 documents that can be downloaded from below (PDF format) are:
Additionally, ICSA Labs is releasing Optional Modules that vendors with certified products may elect to be tested against. The first optional module addresses the Network Firewall VoIP requirements. The second module addresses the Network Firewall High Availability requirements.
All of these documents can be found in the Network Firewalls Document Library.
If you have an questions or comments regarding the Version 4.1x of ICSA Labs' Modular Firewall Certification Criteria please contact us at firstname.lastname@example.org.