NIAP: View Technical Decision Details
NIAP/CCEVS
Archived TD0554:  iOS/iPadOS/Android AppSW Virus Scan

Publication Date
2020.10.30

Protection Profiles
PP_APP_v1.3

Other References
AVA_VAN.1

Issue Description

The PP_APP_v1.3 AVA_VAN.1 evaluation activity requires the evaluator to perform a virus scan against the application files with the most current virus definitions and verify that no files are flagged as malicious.

For iOS and iPadOS applications, as well as Android applications, third-party applications cannot scan other applications. Antivirus scanners therefore cannot access other applications or their data and files, and so cannot perform an antivirus scan against them.

Resolution

The Tests Evaluation Activity for AVA_VAN.1 is modified as follows:

The evaluator shall generate a report to document their findings with respect to this requirement. This report could physically be part of the overall test report mentioned in ATE_IND, or a separate document. The evaluator performs a search of public information to find vulnerabilities that have been found in similar applications with a particular focus on network protocols the application uses and document formats it parses. 

The evaluator documents the sources consulted and the vulnerabilities found in the report.

For each vulnerability found, the evaluator either provides a rationale with respect to its non-applicability, or the evaluator formulates a test (using the guidelines provided in ATE_IND) to confirm the vulnerability, if suitable. Suitability is determined by assessing the attack vector needed to take advantage of the vulnerability. If exploiting the vulnerability requires expert skills and an electron microscope, for instance, then a test would not be suitable and an appropriate justification would be formulated.

For Windows, Linux, macOS and Solaris: The evaluator shall also run a virus scanner with the most current virus definitions against the application files and verify that no files are flagged as malicious.

Justification

See issue description.

 
 