Compliant Product - Apple iOS 13 and iPadOS 13: Contacts
Certificate Date: 2020.06.05CC Certificate Security Target * Validation Report
Validation Report Number: CCEVS-VR-VID11050-2020
Product Type: Application Software
Conformance Claim: Protection Profile Compliant
PP Identifier: Protection Profile for Application Software Version 1.3
CC Testing Lab: Acumen Security
* This is the Security Target (ST) associated with the latest Maintenance Release. To view previous STs for this TOE, click here.
The TOE is the Apple iOS and iPadOS 13 Contacts application which runs on iPhones and iPads. The product provides access and management of user contact information within the devices. Note: The TOE is the application software only.
The TOE is an application on a mobile OS. The TOE is the Contacts application only. The mobile operating system and hardware platforms are part of the TOE environment. The evaluated version of the TOE is version 13.4.1.
Security Evaluation Summary
The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme. The criteria against which the Apple iOS and iPadOS 13 Contacts was evaluated are described in the Common Criteria for Information Technology Security Evaluation, Version 3.1 rev 5. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 3.1 rev 5. The product, when delivered configured as identified in the Apple iOS and iPadOS 13 Contacts Common Criteria Guide, satisfies all of the security functional requirements stated in the Apple iOS and iPadOS 13 Contacts Security Target. The project underwent CCEVS Validator review. The evaluation was completed in June, 2020. Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report prepared by CCEVS.
The TOE provides the security functionality required by [SWAPP].
The TOE platform provides HTTPS/TLS functionality to securely communicate with trusted entities. The TOE does not directly perform any cryptographic functions.
User Data Protection
The TOE requests no hardware or software resources during the use of the application. The TOE requires network access.
The TOE is installed completely pre-configured. No security related configuration is required for operation.
The TOE does not request any PII with the intent to transmit the data over the network. However, the TOE will transmit contact information at the request of the user. In these cases, the TOE provides a notification when sharing this information.
Protection of the TSF
The TOE platform performs cryptographic self-tests at startup which ensures the TOE ability to properly operate. The TOE platform also verifies all software updates via digital signature.
The TOE is a software application. The TOE has the ability to establish protected communications using platform provided TLS/HTTPS.
+1 669 227 3579