NIAP: Compliant Product
  NIAP  »»  Product Compliant List  »»  Compliant Product  
Compliant Product - Microsoft Windows 10 and Windows 10 Mobile (Anniversary Update) with Microsoft Surface Book, Surface Pro 4, Lumia 950, 950 XL, 650, HP Elite x3, and Dell Latitude 5580

Certificate Date:  2017.04.12

Validation Report Number:  CCEVS-VR-VID10752-2017

Product Type:    Mobility

Conformance Claim:  Protection Profile Compliant

PP Identifier:    Protection Profile for Mobile Device Fundamentals Version 2.0

CC Testing Lab:  Leidos Common Criteria Testing Laboratory

CC Certificate [PDF] Security Target [PDF] Validation Report [PDF]

Assurance Activity [PDF]

Administrative Guide [PDF]

Product Description

TOE Software Identification: The following Windows Operating Systems (OS):

·         Microsoft Windows 10 (Anniversary Update) Pro Edition (64-bit version)

·         Microsoft Windows 10 (Anniversary Update) Enterprise Edition (64-bit version)

·         Microsoft Windows 10 Mobile (Anniversary Update)

TOE Hardware Identification: The following hardware platforms and components are included in the evaluated configuration.

·         Microsoft Surface Book, Windows 10 Enterprise and Windows 10 Pro

·         Microsoft Surface Pro 4, Windows 10 Enterprise and Pro

·         Microsoft Surface Pro 3, Windows 10 Enterprise and Windows 10 Pro

·         Microsoft Surface 3, Windows 10 Enterprise and Windows 10 Pro

·         Microsoft Surface 3 with LTE, Windows 10 Enterprise and Windows 10 Pro

·         Microsoft Lumia 950, Windows 10 Mobile

·         Microsoft Lumia 950 XL, Windows 10 Mobile

·         Microsoft Lumia 650, Windows 10 Mobile

·         HP Elite x3, Windows 10 Mobile

·         Dell Latitude 5580, Windows 10 Enterprise and Pro

Windows 10 (Anniversary Update) is suited for business desktops, notebook, convertible, and tablet computers. It is the workstation product and while it can be used by itself, it is designed to serve as a client within Windows domains.  Windows 10 Mobile (Anniversary Update) is based on the same core operating system as Windows 10 (Anniversary Update) and provides a simplified user interface that makes Windows 10 Mobile a communications hub for voice, text, and web access.

Evaluated Configuration

Security Evaluation Summary

The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme for the PP MD, version 2.0. The criteria against which the Windows 10 mobile devices were judged are described in the Protection Profile Assurance Activities.  The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 3.1 revision 4. The product, when delivered configured as identified in the guidance document, satisfies all of the security functional requirements stated in the Microsoft Windows 10 (Anniversary Update) and Microsoft Windows 10 Mobile (Anniversary Update) Security Target, Version 0.08 The project underwent CCEVS validation team review.  The evaluation was completed in April 2017.  Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report prepared by CCEVS.

Environmental Strengths

Security Audit

Windows 10 has the ability to collect audit data, review audit logs, protect audit logs from overflow, and restrict access to audit logs.  Audit information generated by the system includes the date and time of the event, the user identity that caused the event to be generated, and other event specific data.  Authorized administrators can review audit logs and have the ability to search and sort audit records. Authorized Administrators can also configure the audit system to include or exclude potentially auditable events to be audited based on a wide range of characteristics. In the context of this evaluation, the protection profile requirements cover generating audit events, selecting which events should be audited, and providing secure storage for audit event entries.

Cryptographic Support

Windows provides CAVP validated cryptographic functions that support encryption/decryption, cryptographic signatures, cryptographic hashing, cryptographic key agreement (which is not studied in this evaluation), and random number generation. The TOE additionally provides support for public keys, credential management and certificate validation functions and provides support for the National Security Agency’s Suite B cryptographic algorithms. Windows also provides a key isolation service designed to limit the potential exposure of secret and private keys. In addition to using cryptography for its own security functions, Windows offers access to the cryptographic support functions for user-mode and kernel-mode programs. Public key certificates generated and used by Windows to authenticate users and machines as well as protect both user and system data in transit.

·         Software-based disk encryption: Windows implements BitLocker to provide encrypted data storage for fixed and removable volumes and protects the disk volume’s encryption key with one or more intermediate keys and authorization factor

·         IPsec: Windows implements IPsec to provide protected, authenticated, confidential, and tamper-proof networking between two peer computers.[1] 

User Data Protection

In the context of this evaluation, Windows protects user data at rest and provides secure storage of X.509v3 certificates.

Identification and Authentication

In the context of this evaluation, Windows provides the ability to use, store, and protect X.509 certificates that are used for TLS and authenticates the user to their mobile device. 

Security Management

Windows includes several functions to manage security policies.  Policy management is controlled through a combination of access control, membership in administrator groups, and privileges.

Protection of the TSF

Windows provides a number of features to ensure the protection of TOE security functions. Windows protects against unauthorized data disclosure and modification by using a suite of Internet standards.  Windows ensures process isolation security for all processes through private virtual address spaces, execution context, and security context.  The Windows data structures defining process address space, execution context, memory protection, and security context are stored in protected kernel-mode memory. Windows includes self-testing features that ensure the integrity of executable program images and its cryptographic functions. Finally, Windows provides a trusted update mechanism to update Windows binaries itself. 

TOE Access

Windows provides the ability for a user to lock their session either immediately or after a defined interval.  Windows constantly monitors the mouse, keyboard, and touch display for activity and locks the computer after a set period of inactivity.  Windows allows an authorized administrator to configure the system to display a logon banner before the logon dialog.

Trusted Path/Channels

Windows uses a suite of protocols to provide a Virtual Private Network Connection (VPN) between itself, acting as a VPN client, and a VPN gateway in addition to providing protected communications for HTTPS and TLS. 

[1] Windows implements IPsec however it was not included in the Mobile Device Fundamentals PP evaluation because there is a separate protection profile for IPsec VPN clients. See Microsoft Windows 10 (Anniversary Update) and Windows Server 2016 IPsec VPN Client evaluation (

Vendor Information

Microsoft Corporation
Mike Grimm
425 703 5683
425 936 7329
Site Map              Contact Us              Home