NIAP: Compliant Product
Compliant Product - Apple iOS 9

Certificate Date:  2016.01.28

Validation Report Number:  CCEVS-VR-VID10695-2016

Product Type:    Mobility

Conformance Claim:  Protection Profile Compliant

PP Identifier:    Protection Profile for Mobile Device Fundamentals Version 2.0

CC Testing Lab:  atsec information security corporation


CC Certificate [PDF] Security Target [PDF] Validation Report [PDF]

Assurance Activity [PDF]

Administrative Guide [PDF]


Product Description

The Target of Evaluation (TOE) is Apple iOS 9.2 on iPhone and iPad devices using the A7 or A8/A8X processor (iPhone 5s, iPad mini 2, iPad Mini 3, iPad Air (A7); iPhone 6, iPhone 6 Plus (A8), iPad Air 2 (A8x)).


Evaluated Configuration

Devices Covered by the Evaluation

| Device Name | Model Number | WiFi | Cellular | Bluetooth |
|---|---|---|---|---|
| iPhone 6 Plus/iPhone 6 | A1549/A1522 (GSM) | 802.11/a/b/g/n/ac | See table | 4.0 |
| | A1549/A1522 (CDMA) | 802.11/a/b/g/n/ac | See table | 4.0 |
| | A1586/A1524 | 802.11/a/b/g/n/ac | See table | 4.0 |
| iPhone 5s | A1533 (GSM) | 802.11/a/b/g/n/ac | See table | 4.0 |
| | A1533 (CDMA) | 802.11/a/b/g/n/ac | See table | 4.0 |
| | A1453 | 802.11/a/b/g/n/ac | See table | 4.0 |
| | A1457 | 802.11/a/b/g/n/ac | See table | 4.0 |
| | A1530 | 802.11/a/b/g/n/ac | See table | 4.0 |
| iPad mini 3 | WiFi only | 802.11a/b/g/n | - | 4.0 |
| | WiFi + cellular | 802.11a/b/g/n | See table | 4.0 |
| iPad Air 2 | WiFi only | 802.11a/b/g/n/ac | - | 4.0 |
| | WiFi + Cellular | 802.11a/b/g/n/ac | See table | 4.0 |
| iPad mini 2 | WiFi only | 802.11a/b/g/n | - | 4.0 |
| | WiFi + Cellular | 802.11a/b/g/n | See table | 4.0 |
| iPad Air | WiFi only | 802.11a/b/g/n | - | 4.0 |
| | WiFi + Cellular | 802.11a/b/g/n | See table | 4.0 |

 Cellular Protocols Supported

| Device Name | Model Number | Cellular |
|---|---|---|
| iPhone 6 Plus/iPhone 6 | A1549/A1522 (GSM) | UMTS/HSPA+/DC-HSDPA (850, 900, 1700/2100, 1900, 2100 MHz); GSM/EDGE (850, 900, 1800, 1900 MHz); LTE (Bands 1, 2, 3, 4, 5, 7, 8, 13, 17, 18, 19, 20, 25, 26, 28, 29) |
| | A1549/A1522 (CDMA) | CDMA EV-DO Rev. A and Rev. B (800, 1700/2100, 1900, 2100 MHz); UMTS/HSPA+/DC-HSDPA (850, 900, 1700/2100, 1900, 2100 MHz); GSM/EDGE (850, 900, 1800, 1900 MHz); LTE (Bands 1, 2, 3, 4, 5, 7, 8, 13, 17, 18, 19, 20, 25, 26, 28, 29) |
| | A1586/A1524 | CDMA EV-DO Rev. A and Rev. B (800, 1700/2100, 1900, 2100 MHz); UMTS/HSPA+/DC-HSDPA (850, 900, 1700/2100, 1900, 2100 MHz); TD-SCDMA 1900 (F), 2000 (A); GSM/EDGE (850, 900, 1800, 1900 MHz); FDD-LTE (Bands 1, 2, 3, 4, 5, 7, 8, 13, 17, 18, 19, 20, 25, 26, 28, 29); TD-LTE (Bands 38, 39, 40, 41) |
| iPhone 5s | A1533 (GSM) | UMTS/HSPA+/DC-HSDPA (850, 900, 1700/2100, 1900, 2100 MHz); GSM/EDGE (850, 900, 1800, 1900 MHz); LTE (Bands 1, 2, 3, 4, 5, 8, 13, 17, 19, 20, 25) |
| | A1533 (CDMA) | CDMA EV-DO Rev. A and Rev. B (800, 1700/2100, 1900, 2100 MHz); UMTS/HSPA+/DC-HSDPA (850, 900, 1700/2100, 1900, 2100 MHz); GSM/EDGE (850, 900, 1800, 1900 MHz); LTE (Bands 1, 2, 3, 4, 5, 8, 13, 17, 19, 20, 25) |
| | A1453 | CDMA EV-DO Rev. A and Rev. B (800, 1700/2100, 1900, 2100 MHz); UMTS/HSPA+/DC-HSDPA (850, 900, 1700/2100, 1900, 2100 MHz); GSM/EDGE (850, 900, 1800, 1900 MHz); LTE (Bands 1, 2, 3, 4, 5, 8, 13, 17, 18, 19, 20, 25, 26) |
| | A1457 | UMTS/HSPA+/DC-HSDPA (850, 900, 1900, 2100 MHz); GSM/EDGE (850, 900, 1800, 1900 MHz); LTE (Bands 1, 2, 3, 5, 7, 8, 20) |
| | A1530 | UMTS/HSPA+/DC-HSDPA (850, 900, 1900, 2100 MHz); GSM/EDGE (850, 900, 1800, 1900 MHz); FDD-LTE (Bands 1, 2, 3, 5, 7, 8, 20); TD-LTE (Bands 38, 39, 40) |
| iPad mini 3 | WiFi + cellular | UMTS/HSPA/HSPA+/DC-HSDPA (850, 900, 1700/2100, 1900, 2100 MHz); GSM/EDGE (850, 900, 1800, 1900 MHz); CDMA EV-DO Rev. A and Rev. B (800, 1900 MHz); LTE (Bands 1, 2, 3, 4, 5, 7, 8, 13, 17, 18, 19, 20, 25, 26) |
| iPad Air 2 | WiFi + cellular | UMTS/HSPA/HSPA+/DC-HSDPA (850, 900, 1700/2100, 1900, 2100 MHz); GSM/EDGE (850, 900, 1800, 1900 MHz); CDMA EV-DO Rev. A and Rev. B (800, 1900 MHz); LTE (Bands 1, 2, 3, 4, 5, 7, 8, 13, 17, 18, 19, 20, 25, 26, 28, 29, 38, 39, 40, 41) |
| iPad mini 2 | WiFi + cellular | UMTS/HSPA/HSPA+/DC-HSDPA (850, 900, 1700/2100, 1900, 2100 MHz); GSM/EDGE (850, 900, 1800, 1900 MHz); CDMA EV-DO Rev. A and Rev. B (800, 1900 MHz); LTE (Bands 1, 2, 3, 4, 5, 7, 8, 13, 17, 18, 19, 20, 25, 26) |
| iPad Air | WiFi + cellular | UMTS/HSPA/HSPA+/DC-HSDPA (850, 900, 1700/2100, 1900, 2100 MHz); GSM/EDGE (850, 900, 1800, 1900 MHz); CDMA EV-DO Rev. A and Rev. B (800, 1900 MHz); LTE (Bands 1, 2, 3, 4, 5, 7, 8, 13, 17, 18, 19, 20, 25, 26) |


Security Evaluation Summary

The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme. The criteria against which Apple iOS 9.2 was judged are described in the Common Criteria for Information Technology Security Evaluation, Version 3.1.4. The evaluation methodology used by the evaluation team to conduct the evaluation was the Common Methodology for Information Technology Security Evaluation, Version 3.1.4. The product, when delivered and configured as identified in the iOS 9.2 Common Criteria Guide document, meets the requirements of the Protection Profile for Mobile Device Fundamentals Version 2.0.

Apple iOS 9.2 MDFPPv2

The Apple iOS 9.2 Common Criteria Guide document satisfies all of the security functional requirements stated in the Apple iOS 9.2 MDFPPv2 Security Target. The project underwent CCEVS Validator review. The evaluation was completed in December, 2015. Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report number CCEVS-VR-VID10695-2016, prepared by CCEVS.


Environmental Strengths

Cryptographic Support

The TOE provides cryptographic services for the encryption of data-at-rest, for secure communication channels, and for use by applications. In addition, the TOE implements a number of cryptographic protocols that can be used to establish a trusted channel to other IT entities.

The TOE provides cryptographic services via the following cryptographic modules.

- The Apple iOS CoreCrypto Kernel Module v6
- The Apple iOS CoreCrypto Module v6

Identification and Authentication

Except for making emergency calls, users need to authenticate using a passcode. This passcode can be configured for a minimum length, for dedicated passcode policies, and for a maximum lifetime. Passcodes are obscured when entered, the frequency of entering passcodes is limited, and the number of consecutive failed attempts of entering the passcode is also limited. The TOE also enters a locked state after a (configurable) time of user inactivity and the user is required to enter his passcode to unlock the TOE.

External entities connecting to the TOE via a secure protocol (EAP-TLS, TLS, IPsec) can be authenticated using X.509 certificates.

User Data Protection

User data in files is protected using cryptographic functions, ensuring this data remains protected even if the device is lost or stolen. Critical data, like passcodes used by applications or application defined cryptographic keys, can be stored in the key chain, which provides additional protection. Passcode protection and encryption ensure that data-at-rest remains protected even in the case of the device being lost or stolen. Data can also be protected so that only the application that owns the data can access it.

Security Management

Security management capabilities are provided to users via the user interface of the device and to administrators through the installation of configuration profiles on the device. This installation can be done using the Apple Configurator tool or by using a Mobile Device Management System.

TOE Security Functionality (TSF) Protection

The TSF protects itself by having its own code and data protected from unauthorized access (using hardware-provided memory protection features), by encrypting user and TSF data using TSF-protected keys and encryption/decryption functions, by self tests, by ensuring the integrity and authenticity of TSF updates and downloaded applications, and by locking the TOE upon user request or after a defined time of user inactivity.

TOE Access

The TSF provides functions to lock the TOE upon request and after an administrator configurable time of inactivity. Access to the TOE via a wireless network is controlled by user/administrator defined policy.

Trusted Path/Channels

The TOE supports the use of the following cryptographic protocols that define a trusted channel between itself and another trusted IT product: IEEE 802.11-2012; IEEE 802.1X; EAP-TLS; TLS; IPsec.


Vendor Information

Apple Inc.
Shawn Geddis
703-264-5103
geddis@apple.com

http://www.apple.com