NIAP: Compliant Product
  NIAP  »»  Product Compliant List  »»  Compliant Product  
Compliant Product - Monkton IA Docs Reinforced by Rebar for iOS v1.0.0

Certificate Date:  2017.12.07

Validation Report Number:  CCEVS-VR-VID10825-2017

Product Type:    Application Software

Conformance Claim:  Protection Profile Compliant

PP Identifier:    Extended Package for Software File Encryption Version 1.0
  Protection Profile for Application Software Version 1.2

CC Testing Lab:  Acumen Security

CC Certificate [PDF] Security Target [PDF] Validation Report [PDF]

Assurance Activity [PDF]

Administrative Guide [PDF]

Product Description

Monkton IA Docs is a mobile app that is installed on the Apple iPhone and the Apple iPad. This app enables end users to securely download and view documents stored in a cloud/service provider.

Monkton IA Docs is Managed Configuration Enabled with MDM providers, allowing MDM providers to push configuration settings down to devices. This enables enterprises to manage apps on managed devices in a secure manner.

Evaluated Configuration

The TOE was evaluated on Apple’s iPhone 7 with iOS 10.3.2 (A10 Fusion with 64-bit architecture) and iPad Pro 10” with iOS 10.3.2 (A10X Fusion with 64-bit architecture).

To use the product in the evaluated configuration, the product must be configured as specified in the Monkton IA Docs Reinforced by Rebar for iOS version 1.0.0 User Guide, version 1.0 and the Rebar Platform Administrative Guide, version 1.0.

Security Evaluation Summary

The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme. The criteria against which the Monkton IA Docs Reinforced by Rebar for iOS, version 1.0, Built on Monkton’s Rebar Platform was evaluated are described in the Common Criteria for Information Technology Security Evaluation, Version 3.1 rev 5.  The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 3.1 rev 5.  The product, when delivered configured as identified in the Administrative Guidance, satisfies all of the security functional requirements stated in the Security Target. The project underwent CCEVS Validator review.  The evaluation was completed in December 2017.  Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report (CCEVS-VR-10825-2017) prepared by CCEVS.

Environmental Strengths

Cryptographic Support

The TOE provides several functions for cryptographic support. The TOE, by virtue of being built on Rebar, implements DAR and DIT as a functional component. When HTTPS network connections are created, they are made over TLS 1.2 connections with the requisite cipher suites. The TOE uses OpenSSL 1.0.2L to provide its cryptographic support.

The TOE, through Rebar, provides all requisite cryptographic functions for hashing, signing, HMAC, random number generation, and symmetric encryption.

To protect the keys and data generated by the TOE, the TOE will aggressively and securely delete key data and files written to non-volatile memory. This leverages both platform implemented functions as well as functions integrated into Rebar.

User Data Protection

The TOE requests no hardware or software resources during the use of the application. The TOE requires network access but this is not a request that is prompted to the user.

Identification and Authentication

The TOE, through Rebar, implements X509 certificate validation for all server certificates presented for TLS 1.2 connections. Additionally, Rebar implements SSL Pinning, validating certificates based on SHA512 hashes of the certificates.

For user authorization, the TOE leverages PBKDF2 with HMACSHA256 to validate user credentials based on a passcode. The conditioned key is used as the FEK for the RMD. The passcode can be configured by the administrator for complexity requirements.

Security Management

The TOE is, by default, configured to be secure whenever it is freshly installed on a device. The TOE, through Rebar, provides configuration settings available through the Managed App Configuration settings. Rebar implements a secure version of NSUserDefaults that ensures settings are stored in an AES256 encrypted database.

Protection of the TSF

The TOE leverages only approved iOS APIs and available libraries. The TOE includes several third-party libraries that provide specific functionality for the TOE. Each of these libraries leverage only approved iOS APIs.

The TOE leverages the iOS update manager (App Store) or enterprise distribution mechanisms (MDM/Enterprise App Store) to update and install approved apps.

All key material used within the TOE is protected and destroyed as part of the cryptographic support. The password conditioned FEK is never stored in non-volatile memory.              

Trusted Path

All data in transit for the TOE is sent with TLS 1.2.


The TOE does not transmit PII.

Vendor Information

Monkton, Inc.
Harold Smith III
Site Map              Contact Us              Home