NIAP: Compliant Product
  NIAP  »»  Product Compliant List  »»  Compliant Product  
Compliant Product - Getac, Inc. MX50

Certificate Date:  2017.04.06

Validation Report Number:  CCEVS-VR-VID10756-2017

Product Type:    Mobility

Conformance Claim:  Protection Profile Compliant

PP Identifier:    Protection Profile for Mobile Device Fundamentals Version 2.0

CC Testing Lab:  Gossamer Security Solutions

CC Certificate [PDF] Security Target [PDF] Validation Report [PDF]

Assurance Activity [PDF]

Administrative Guide [PDF]

Product Description

The TOE is a ruggedized mobile device designed to support military and civil service users.  Based upon Android 5.1.1, the TOE provides wireless and wired connectivity out of the box.  Snapbacks are used to add optional modules (e.g., cellular).   The TOE includes a port to attach a snapback module that adds WWAN, USB, or a second battery. The snapback module would likely be used to add USB storage encryption.

The evaluated TOE contains either 64GB/128GB of internal Flash storage and either 2GB/4GB of memory.

Evaluated Configuration

The Target of Evaluation (TOE) is the Getac Inc. MX50, a ruggedized tablet featuring a 5.7” (1280x720 HD) display; an Intel Z8350 1.44 GHz x86 CPU; micro USB; Gleanair and AB Military connector; microSD; 14-pin modular connector; WiFi/Bluetooth radio. The TOE runs Android 5.1.1.

The MX50 does not have a cellular chip for mobile broadband. The MX50 only has a WiFi/Bluetooth chip and Ethernet (via military connector or USB-to-Ethernet) for networking (connecting to WiFi or Bluetooth networks).

The evaluated configuration consists of a Getac MX50 running on Android 5.1.1.

Security Evaluation Summary

The evaluation was carried out in accordance to the Common Criteria Evaluation and Validation Scheme (CCEVS) requirements and guidance. The evaluation demonstrated that the TOE meets the security requirements contained in the Security Target.  The criteria against which the TOE was judged are described in the Common Criteria for Information Technology Security Evaluation, Version 3.1, Revision 4, September 2012. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Evaluation Methodology, Version 3.1, Revision 4, July 2012.  The product, when delivered and configured as identified in the Getac MX50 Administrator Guidance Instructions, Version 0.8, April 2, 2017 document, satisfies all of the security functional requirements stated in the Getac MX50 (MDFPP20) Security Target, Version 1.0, April 5, 2017.  The project underwent CCEVS Validator review.  The evaluation was completed in April 2017.  Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report (report number CCEVS-VR-10756-2017) prepared by CCEVS.

Environmental Strengths

The logical boundaries of the Getac MX50 are realized in the security functions that it implements. Each of these security functions is summarized below.

Cryptographic support:

The TOE includes cryptographic modules with CAVP validated algorithms supporting cryptographic functions including: asymmetric key generation and establishment, symmetric key generation, encryption/decryption, cryptographic hashing and keyed-hash message authentication. These functions are supported with suitable random bit generation, key derivation, salt generation, initialization vector generation, secure key storage, and key and protected data destruction. These primitive cryptographic functions are used to implement security protocols such as TLS and HTTPS and also to encrypt the media (including the generation and protection of data, right, and key encryption keys) used by the TOE. Many of these cryptographic functions are also accessible as services to applications running on the TOE.

User data protection:

The TOE controls access to system services by hosted applications, including protection of the Trust Anchor Database. Additionally, the TOE protects user and other sensitive data using encryption so that even if a device is physically lost, the data remains protected.

Identification and authentication:

The TOE supports a number of features related to identification and authentication. A password (i.e., Password Authentication Factor) must be correctly entered to unlock the TOE. Also, even when the TOE is unlocked the password must be re-entered to change the password. Passwords are obscured when entered so they cannot be read from the TOE's display. The TOE limits the frequency of password entry and when a configured number of failures occurs, the TOE takes an appropriate action such as performing a full wipe of protected content or some other administrator-defined action. Passwords of up to 14 characters in length can be constructed using upper and lower case characters, numbers, and special characters.

The TOE also serves as an IEEE 802.1X supplicant and can use X509v3 certificates and perform certificate validation for a number of functions when necessary such as EAP-TLS, TLS, and HTTPS exchanges.

Security management:

The TOE provides all the interfaces necessary to manage the security functions claimed in the corresponding Security Target (and conforming to the MDFPP requirements) as well as other functions commonly found in mobile devices. Some of the available functions might be available only to the mobile device users while others may be restricted to administrators operating through a Mobile Device Management solution if the TOE has been enrolled. If the TOE has been enrolled in a MDM solution and is then un-enrolled, it will perform functions such as performing a full wipe of protected data to complete the un-enrollment.

Protection of the TSF:

The TOE implements a number of features to protect itself and to ensure the reliability and integrity of its security features. It protects sensitive data such as cryptographic keys so that they are not accessible or exportable. It also provides its own timing mechanism to ensure that reliable time information is available (e.g., for cryptographic operations and user accountability). It enforces read, write, and execute memory page protections, uses address space layout randomization, and stack-based buffer overflow protections to minimize the potential to exploit application flaws. It also is designed to protect itself from modification by applications as well as to isolate the address spaces of applications from one another to protect those applications.

The TOE includes functions to perform self-tests and software/firmware integrity checking so that it might detect when it is failing or may be corrupt. If any self-test fails, the TOE will not go into an operational mode. It also includes mechanisms (i.e., verification of the digital signature of each new image) so that the TOE itself can be updated while ensuring that the updates will not introduce malicious or other unexpected changes in the TOE. Digital signature checking also extends to verifying applications prior to their installation.

TOE access:

The TOE can be locked, obscuring its display, by a user or after a configured interval of inactivity. The TOE also has the capability to display an advisory message (banner) when users unlock the TOE for use.

Trusted path/channels:

The TOE supports the use of 802.11-2012, 802.1X, and EAP-TLS to secure communications channels between itself and other trusted network devices.

Vendor Information

Getac, Inc.
Dante Conrad
Site Map              Contact Us              Home