Compliant Product - Apple iOS 13 on iPhone and Apple iPadOS 13 on iPad Mobile Devices
Certificate Date: 2020.11.06CC Certificate Security Target Validation Report
Validation Report Number: CCEVS-VR-VID11036-2020
Product Type: Mobility
Conformance Claim: Protection Profile Compliant
PP Identifier: PP-Module for MDM Agent Version 1.0
PP-Module for VPN Client Version 2.1
Protection Profile for Mobile Device Fundamentals Version 3.1
Extended Package for Wireless LAN Client Version 1.0
CC Testing Lab: atsec information security corporation
The Target of Evaluation (TOE) is Apple iOS 13 on iPhone and Apple iPadOS 13 on iPad Mobile Devices using the A8/A8X processor (iPad mini 4), A9/A9X processor (iPhone 6s, iPhone 6s Plus, iPhone SE, iPad 9.7-inch (5th gen), iPad Pro 9.7-inch, iPad Pro 12.9-inch), A10 Fusion/A10X Fusion processor (iPhone 7, iPhone 7 Plus, iPad 9.7-inch (6th gen), iPad 10.2-inch (7th gen), iPad Pro 12.9-inch (2nd gen), iPad Pro 10.5-inch), A11 Bionic processor (iPhone 8, iPhone 8 Plus, iPhone X), A12 Bionic/A12X Bionic/A12Z Bionic processor (iPhone Xs, iPhone Xs Max, iPhone XR, iPad mini (5th gen), 10.5-inch iPad Air (3rd gen), 11-inch iPad Pro, 12.9-inch iPad Pro (3rd gen), 11-inch iPad Pro (2nd gen), 12.9-inch iPad Pro (4th gen), and A13 Bionic processor (iPhone 11, iPhone 11 Pro, iPhone 11 Pro Max, iPhone SE (2nd gen)).
Devices Covered by the Evaluation
Security Evaluation Summary
The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) process. The criteria against which the Apple iOS 13 on iPhone and iPadOS 13 on iPad Mobile Devices was judged are described in the Common Criteria for Information Technology Security Evaluation, Version 3.1 R5. The evaluation methodology used by the evaluation team to conduct the evaluation was the Common Methodology for Information Technology Security Evaluation, Version 3.1, R5. The product, when delivered and configured as identified in the Apple iOS 13 on iPhone and Apple iPadOS 13 on iPad Mobile Devices Common Criteria Configuration Guide, meets the requirements of the PP-Configuration for Mobile Device Fundamentals (MDF), Mobile Device Management (MDM) Agents, and Virtual Private Network (VPN) Clients Version 1.0 (which is comprised of the Protection Profile for Mobile Device Fundamentals Version 3.1, the PP-Module for MDM Agents Version 1.0, and the PP-Module for Virtual Private Network (VPN) Clients Version 2.1); the General Purpose Operating Systems Protection Profile/ Mobile Device Fundamentals Protection Profile Extended Package (EP) Wireless Local Area Network (WLAN) Clients Version 1.0.
Apple iOS 13 on iPhone and Apple iPadOS 13 on iPad Mobile Devices
Apple iOS 13 on iPhone and Apple iPadOS 13 on iPad Mobile Devices Common Criteria Configuration Guide document satisfies all of the security functional requirements stated in the Apple iOS 13 on iPhone and Apple iPadOS 13 on iPad Mobile Devices Security Target, version 1.7. The evaluation was subject to CCEVS Validator review. The evaluation was completed in November 2020. Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report number CCEVS-VR-VID11036-2020, prepared by CCEVS.
The TOE provides cryptographic services for the encryption of data-at rest, for secure communication channels, and for use by applications. In addition, the TOE implements a number of cryptographic protocols that can be used to establish a trusted channel to other IT entities.
As noted in the Security Target, section 18.104.22.168 the TOE provides cryptographic services via the following cryptographic modules.
· Apple CoreCrypto Cryptographic Module for ARM, v10.0 (User Space)
· Apple CoreCrypto Cryptographic Kernel Module for ARM, v10.0 (Kernel Space)
· Apple Secure Key Store Cryptographic Module, v10.0
Identification and Authentication
Except for making emergency calls, answering calls, accessing Medical ID information, using the cameras, and using the flashlight, users need to authenticate using a passcode or a biometric (fingerprint or face). The user is required to use the passcode authentication mechanism when turn on or restart the device, press the Home button or swipe up to unlock your device (configurable), update software, erase the device, view or change passcode settings, or install iOS or iPadOS Configuration Profiles.
The passcode can be configured for a minimum length, for dedicated passcode policies, and for a maximum lifetime. When entered, passcodes are obscured and the frequency of entering passcodes is limited as well as the number of consecutive failed attempts of entering the passcode.
The TOE also enters a locked state after a (configurable) time of user inactivity and the user is required to either enter his passcode or use biometric authentication (fingerprint or face) to unlock the TOE.
External entities connecting to the TOE via a secure protocol (Extensible Authentication Protocol Transport Layer Security (EAP-TLS), Transport Layer Security (TLS), IPsec) can be authenticated using X.509 certificates.
The security functions listed in the Security Target can be managed either by the user or by an authorized administrator through a Mobile Device Management (MDM) system. The Security Target identifies the functions that can be managed and indicates if the management can be performed by the user, by the authorized administrator, or both.
TOE Security Functionality (TSF) Protection
Some of the functions the TOE implements to protect the TSF and TSF data are:
The TSF provides functions to lock the TOE upon request and after an administrator-configurable time of inactivity.
Access to the TOE via a wireless network is controlled by user/administrator defined policy.
The TOE supports the use of the following cryptographic protocols that define a trusted channel between itself and another trusted IT product:
· IEEE 802.11-2012
· IEEE 802.11ac-2013 (a.k.a. Wi-Fi 5)
· IEEE 802.11ax (a.k.a. Wi-Fi 6)
· IEEE 802.1X
· EAP-TLS (1.0, 1.1, 1.2)
· TLS (1.2)
· Bluetooth (4.0, 4.2, 5.0)
The TOE provides the ability for responses to be sent from the MDM Device Agent to the MDM Server. These responses are configurable by the organization using a scripting language given in the Over-the-Air Profile Delivery and Configuration document.