NIAP: Compliant Product
Compliant Product - Apple IOS VPN Client on iPhone & iPad

Certificate Date:  2016.03.10

Validation Report Number:  CCEVS-VR-VID10714-2016

Product Type:    Virtual Private Network

Conformance Claim:  Protection Profile Compliant

PP Identifier:    Protection Profile for IPsec Virtual Private Network (VPN) Clients Version 1.4

CC Testing Lab:  Acumen Security

Maintenance Release:
CC Certificate [PDF] Security Target [PDF] * Validation Report [PDF]

Assurance Activity [PDF]

Administrative Guide [PDF]


* This is the Security Target (ST) associated with the latest Maintenance Release.

Product Description

The Apple iOS VPN Client is the native VPN client for iOS devices (iPhones and iPads). The TOE is the Apple iOS VPN Client, which runs on iPad and iPhone devices. The IPsec VPN gives users confidentiality, integrity, and protection of data in transit regardless of the transport mechanism (cellular or Wi-Fi). The TOE is the VPN Client software only; the Apple iOS operating system has been separately validated (VID10695). While the client supports a number of VPN types, the evaluated configuration is IPsec using IKEv2 in an always-on configuration.


Evaluated Configuration


Security Evaluation Summary

The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme. The criteria against which the Apple iOS VPN client was evaluated are described in the Common Criteria for Information Technology Security Evaluation, Version 3.1 rev 4.  The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 3.1 rev 4.  The product, when delivered configured as identified in the Apple iOS VPN Common Criteria Guide, satisfies all of the security functional requirements stated in the Apple iOS VPN Client Security Target. The project underwent CCEVS Validator review.  The evaluation was completed in March 2016.  Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report prepared by CCEVS.


Environmental Strengths

User Data Protection

All transmitted data is encrypted using AES, leveraging the following cipher suites depending on configuration: AES-128-CBC, AES-256-CBC, AES-128-GCM or AES-256-GCM.  Cryptographic support is provided by two cryptographic modules, Apple iOS CoreCrypto Kernel Module v6.0 and Apple iOS CoreCrypto Module v6.0.

Identification and Authentication

In the evaluated configuration, the TOE supports authentication using X.509 certificates. The supported certificate types in the evaluated configuration are:

· RSA with 2048-bit key
· ECDSA with 256-bit curve
· ECDSA with 384-bit curve
· ECDSA with 521-bit curve

Security Management

In the evaluated, always-on configuration, all management activities are conducted through a mobile device management system, such as Apple Configurator, or a third-party option, with the exception of applying a configuration profile once it has been made available to the TOE platform.

Protection of the TSF

The TOE relies on the security mechanisms of the underlying platform, including self-tests and verifying the integrity of updates.  In the evaluated configuration, the TOE is utilized in an “always-on” configuration, and the TOE Platform will not allow a user to disable it. 

TOE Access

The TOE can terminate inactive sessions after a time period that an Authorized Administrator can configure. Once a session has been terminated, the TOE requires the user to re-authenticate to establish a new session.

Trusted path/Channels

The TOE establishes a trusted channel between the TOE platform (Apple iOS device) and a VPN gateway to allow mobile users access to corporate resources, by way of an always-on IPsec VPN leveraging IKEv2.


Vendor Information

Apple Inc.
Shawn Geddis
(669) 227-3579
geddis@apple.com

www.apple.com