CC Certificate 

Security Target 

Validation Report 

Assurance Activity 

Administrative Guide 

The TOE is the VMware Workspace ONE Boxer Email Client Version 23.11 application which is an enterprise email client for iOS, iPadOS and Android mobile devices. The Boxer application provides S/MIME email services and containerizes enterprise data from personal data that resides on the user’s mobile device.

In the evaluated configuration, the TOE is installed on either a mobile device running iOS 16 (VID11349), iPadOS 16 (VID11350), or Android 13 (VID11342). The mobile devices must be enrolled and managed by the VMware Workspace ONE Unified Endpoint Management (UEM) at the device level. When the TOE application is installed on the mobile device it is then enrolled as a managed application in UEM in order to obtain its configuration information.

Additionally, the TOE is configured to use ActiveSync to communicate with the Microsoft Exchange server over a TLS v1.2 trusted channel. The Exchange server resides in the operational environment and is for sending and receiving enterprise data such as email, calendar information and appointment data. Whether installed on an Android or iOS/iPadOS device, the application validates the certificates using OCSP. The OCSP responder is also considered part of the operational environment.

The following list identifies the components and applications in the environment that the TOE relies upon in order to function properly:

The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) processes and procedures. VMware Workspace ONE Boxer Email Client Version 23.11 was evaluated against the criteria contained in the Common Criteria for Information Technology Security Evaluation, Version 3.1 Revision 5. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 3.1 Revision 5. The product, when installed and configured per the instructions provided in the preparative guidance, satisfies all of the security functional requirements stated in the VMware Workspace ONE Boxer Email Client Version 23.11 Security Target V1.0, dated March 4, 2024. The evaluation underwent CCEVS Validator review. The evaluation was completed in May 2024. Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report, CCEVS-VR- VID11441-2024 prepared by CCEVS.

Cryptographic Support

Depending on which OS the application is installed on, the TOE either invokes the underlying platform or implements its own cryptographic module to perform cryptographic services. All cryptographic mechanisms, whether platform or application provided, use DRBG functionality to support cryptographic operations. Cryptographic functionality includes encryption/decryption services, credential/key storage, key establishment, key destruction, hashing services, signature services, key-hashed message authentication, and key chaining using a password-based derivation function.

Cryptographic services for the application’s S/MIME functionality and TLS communications are provided by the underlying platform when the application is installed on a device running iOS/iPadOS. When installed on a device running the Android OS, the TOE invokes the underlying platform cryptographic libraries for TLS communications and implements an OpenSSL cryptographic module to perform the cryptographic functionality required to support S/MIME (CAVP certificate #A5072).

User Data Protection

The TOE uses S/MIME to digitally sign, verify, decrypt, and encrypt email messages. The TOE stores all application data in an encrypted Boxer database which is created on the mobile device during installation. The TOE’s host platforms (iOS, iPadOS, and Android) implement file-based encryption to securely store the data. The TOE restricts its network access and provides user awareness when it attempts to access hardware resources and sensitive data stored on the host platform. The TOE displays notification icons that show S/MIME status. Each status is shown as a different color so that the user can quickly identify any issues.

Identification and Authentication

The TOE relies on the OS to validate X.509.3 certificates for TLS communication. The TOE validates X.509v3 certificates for signing and encrypting emails for S/MIME.

Security Management

The TOE enforces the application’s enterprise policy set by the UEM administrator pushed out to the managed TOE device. The TOE does not use default passwords, and automatically installs and configures the application to protect itself and its data from unauthorized access while also implementing the recommended platform security mechanisms. Changing one’s own password from the application is the only management function that can be performed by the owner/user of the mobile device with the TOE installed.

Privacy

The TOE does not transmit any personally identifiable information (PII) over the network unless voluntarily sent via free text email.

Protection of the TSF

The TOE does not support the installation of trusted or untrusted add-ons. The user is able to navigate the platform to check the version of the TOE and also check for updates to the application. All updates come from the Google Play Store (Android) or Apple App Store (iOS and iPadOS). The digital signature of the updates is verified by the mobile device platform prior to being installed. The TOE does not replace or modify its own binaries without user interaction. The TOE implements anti-exploitation features, such as stack-based overflow protection, is compatible with security features provided by the OS, and will only use documented APIs and libraries. 

Trusted Path/Channels

The TOE invokes the platform to provide the trusted communication channel between the TOE and the Exchange server. Communications are protected with TLS v1.2. Communication to the Exchange server uses ActiveSync to send and receive emails.

Vendor Information