NIAP: Compliant Product
Compliant Product - Apple iOS 11 VPN Client on iPhone and iPad

Certificate Date:  2018.05.10

Validation Report Number:  CCEVS-VR-VID10876-2018

Product Type:    Virtual Private Network

Conformance Claim:  Protection Profile Compliant

PP Identifier:    Protection Profile for IPsec Virtual Private Network (VPN) Clients Version 1.4

CC Testing Lab:  Acumen Security


Product Description

The Apple iOS VPN Client is the native VPN client for iOS devices (iPhones and iPads). The TOE is the Apple iOS VPN Client software only, running on iPad and iPhone devices; the Apple iOS operating system has been separately validated (VID10851). The IPsec VPN gives users confidentiality, integrity, and protection of data in transit regardless of the transport mechanism (cellular or Wi-Fi). While the client supports a number of VPN types, the evaluated configuration is IPsec using IKEv2 in an always-on configuration.

Evaluated Configuration

Security Evaluation Summary

The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme. The criteria against which the Apple iOS VPN client was evaluated are described in the Common Criteria for Information Technology Security Evaluation, Version 3.1 rev 4.  The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 3.1 rev 4.  The product, when delivered configured as identified in the Apple iOS VPN Common Criteria Guide, satisfies all of the security functional requirements stated in the Apple iOS VPN Client Security Target. The project underwent CCEVS Validator review.  The evaluation was completed in May 2018.  Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report prepared by CCEVS.

Environmental Strengths

User Data Protection

All transmitted data is encrypted using AES, leveraging the following cipher suites depending on configuration: AES-128-CBC, AES-256-CBC, AES-128-GCM or AES-256-GCM.  Cryptographic support is provided by two cryptographic modules, Apple iOS CoreCrypto Kernel Module and Apple iOS CoreCrypto Module.

Identification and Authentication

In the evaluated configuration, the TOE supports authentication using X.509 certificates. The supported certificate types in the evaluated configuration are:

· RSA with 2048-bit key
· ECDSA with 256-bit curve
· ECDSA with 384-bit curve

Security Management

In the evaluated, always-on configuration, all management activities are conducted through a mobile device management system, such as Apple Configurator or a third-party option. The one exception is applying a configuration profile once it has been made available to the TOE platform.

Protection of the TSF

The TOE relies on the security mechanisms of the underlying platform, including self-tests and verifying the integrity of updates.  In the evaluated configuration, the TOE is utilized in an “always-on” configuration, and the TOE Platform will not allow a user to disable it.


TOE Access

The TOE can terminate inactive sessions after a time period configurable by an Authorized Administrator. Once a session has been terminated, the TOE requires the user to re-authenticate to establish a new session.

Trusted path/Channels

The TOE establishes a trusted channel between the TOE platform (Apple iOS device) and a VPN gateway to allow mobile users access to corporate resources, by way of an always-on IPsec VPN leveraging IKEv2.

Vendor Information

Apple Inc.
Shawn Geddis