NIAP: Compliant Product
  NIAP  »»  Product Compliant List  »»  Compliant Product  
Compliant Product - Apple iOS 12 Contacts

Certificate Date:  2019.02.28

Validation Report Number:  CCEVS-VR-VID10961-2019

Product Type:    Application Software

Conformance Claim:  Protection Profile Compliant

PP Identifier:    Protection Profile for Application Software Version 1.2

CC Testing Lab:  Acumen Security

CC Certificate [PDF] Security Target [PDF] Validation Report [PDF]

Assurance Activity [PDF]

Administrative Guide [PDF]

Product Description

The TOE is the Apple iOS 12 Contacts on iPhone and iPad. The product provides access and management of user contact information within the devices. The TOE is an application on a mobile operating system. The TOE is the Contacts application only. The Apple iOS operating system has been separately validated (VID 10937). The mobile operating system and hardware platforms are part of the TOE environment. The evaluated version of the TOE is version 12.

Evaluated Configuration

Security Evaluation Summary

The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme. The criteria against which the Apple iOS 12 Contacts was evaluated are described in the Common Criteria for Information Technology Security Evaluation, Version 3.1 rev 4.  The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 3.1 rev 4.  The product, when delivered configured as identified in the Apple iOS 12 Contacts Common Criteria Guide, satisfies all of the security functional requirements stated in the Apple iOS 12 Contacts Security Target. The project underwent CCEVS Validator review.  The evaluation was completed in February 2019.  Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report prepared by CCEVS.

Environmental Strengths

Cryptographic Support:

The iOS platform provides HTTPS/TLS functionality to securely communicate with trusted entities. The TOE does not directly perform any cryptographic functions.


User Data Protection:

The TOE requests no hardware or software resources during the use of the application. The TOE requires network access.


Identification and Authentication:

All validation of X.509 certificates is performed by the iOS platform on which the TOE is running.


Security Management:

The TOE is installed completely pre-configured. No security related configuration is required for operation.



The TOE will transmit contact information at the request of the user. The TOE provides a notification when sharing this information.


Protection of the TSF:

The TOE platform performs cryptographic self-tests at startup which ensures the TOE ability to properly operate. The TOE platform also verifies all software updates via digital signature.


Trusted Path/Channels:

The TOE is a software application. The TOE has the ability to establish protected communications.

Vendor Information

Apple Inc.
Shawn Geddis
Site Map              Contact Us              Home