NIAP: Compliant Product
NIAP/CCEVS
  NIAP  »»  Product Compliant List  »»  Compliant Product  
Compliant Product - Apple iOS 14: iPhones

Certificate Date:  2021.09.01

Validation Report Number:  CCEVS-VR-VID11146-2021

Product Type:    Mobility

Conformance Claim:  Protection Profile Compliant

PP Identifier:    PP-Module for MDM Agent Version 1.0
  PP-Module for VPN Client Version 2.1
  Protection Profile for Mobile Device Fundamentals Version 3.1
  Extended Package for Wireless LAN Client Version 1.0

CC Testing Lab:  atsec information security corporation


CC Certificate [PDF] Security Target [PDF] Validation Report [PDF]

Assurance Activity [PDF]

Administrative Guide [PDF]


Product Description

The Target of Evaluation (TOE) is Apple iOS 14: iPhones using the A9 processor (iPhone 6s, iPhone 6s Plus, iPhone SE), A10 Fusion processor (iPhone 7, iPhone 7 Plus), A11 Bionic processor (iPhone 8, iPhone 8 Plus, iPhone X), A12 Bionic processor (iPhone Xs, iPhone Xs Max, iPhone XR) and A13 Bionic processor (iPhone 11, iPhone 11 Pro, iPhone 11 Pro Max, iPhone SE (2nd gen), and A14 Bionic (iPhone 12 mini, iPhone 12, iPhone 12 Pro, iPhone 12 Pro Max).


Evaluated Configuration

Devices Covered by the Evaluation

Processor

Device Name

Model Number

A9

iPhone 6s

 

A1633

A1688

A1691

A1700

iPhone 6s Plus

A1634

A1687

A1690

A1699

iPhone SE

A1662

A1723

A1724

A10 Fusion

iPhone 7

A1660

A1779

A1780

A1778

iPhone 7 Plus

A1661

A1785

A1786

A1784

A11 Bionic

iPhone 8

A1863

A1906

A1907

A1905

iPhone 8 Plus

A1864

A1898

A1899

A1897

iPhone X

A1865

A1902

A1901

A12 Bionic

iPhone XS

A1920

A2097

A2098

A2099

A2100

iPhone XS Max

A1921

A2101

A2102

A2104

iPhone XR

A1984

A2105

A2106

A2107

A2108

A13 Bionic

iPhone 11

A2111

A2221

A2223

iPhone 11 Pro

A2160

A2215

A2217

iPhone 11 Pro Max

A2161

A2218

A2219

A2220

iPhone SE (2nd gen)

A2275

A2296

A2298

A14 Bionic

iPhone 12 mini

A2176

A2398

A2399

A2400

iPhone 12

A2172

A2402

A2403

A2404

iPhone 12 Pro

A2341

A2406

A2407

A2408

iPhone 12 Pro Max

A2342

A2410

A2411

A2412


Security Evaluation Summary

The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) process. Evaluation was completed in September 2021. The criteria against which the Apple iOS 14: iPhones was judged are described in the Common Criteria for Information Technology Security Evaluation, Version 3.1 R5. The evaluation methodology used by the evaluation team to conduct the evaluation was the Common Methodology for Information Technology Security Evaluation, Version 3.1, R5. The product, when delivered and configured as identified in the Apple iOS 14: iPhones and Apple iPadOS 14: iPads Common Criteria Configuration Guide, meets the requirements of the PP-Configuration for Mobile Device Fundamentals (MDF), Mobile Device Management (MDM) Agents, and Virtual Private Network (VPN) Clients Version 1.0 (which is comprised of  the Protection Profile for Mobile Device Fundamentals Version 3.1, the PP-Module for MDM Agents Version 1.0, and the PP-Module for Virtual Private Network (VPN) Clients  Version 2.1); the General Purpose Operating Systems Protection Profile/ Mobile Device Fundamentals Protection Profile Extended Package (EP) Wireless Local Area Network (WLAN) Clients Version 1.0.

Apple iOS 14: iPhones

The Apple iOS 14: iPhones and Apple iPadOS 14: iPads Common Criteria Configuration Guide document satisfies all of the security functional requirements stated in the Apple iOS 14: iPhones Security Target, version 1.5. The evaluation was subject to CCEVS Validator review. The evaluation was completed in July 2021. Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report number CCEVS-VR-VID11146-2021, prepared by CCEVS.


Environmental Strengths

Cryptographic Support

The TOE provides cryptographic services for the encryption of data-at rest, for secure communication channels, and for use by applications. In addition, the TOE implements a number of cryptographic protocols that can be used to establish a trusted channel to other IT entities.

The TOE provides cryptographic services via the following cryptographic modules.

·       Apple corecrypto Module v11.0 [Apple silicon, User, Software] (User Space)

·       Apple corecrypto Module v11.0 [Apple silicon, Kernel, Software] (Kernel Space)

·       Apple corecrypto Module v11.0 [Apple silicon, Secure Key Store, Hardware]

Identification and Authentication

Except for making answering calls, emergency calls, accessing Medical ID information, using the cameras (unless their use is generally disallowed), using the flashlight, using the control center, and using the notification center, users need to authenticate using a passcode or a biometric (fingerprint or face). The user is required to use the passcode authentication mechanism under the following conditions.

·       Turn on or restart the device

·       Press the Home button or swipe up to unlock your device (configurable)

·       Update software

·       Erase the device

·       View or change passcode settings

·       Install iOS Configuration Profiles

The passcode can be configured for a minimum length, for dedicated passcode policies, and for a maximum lifetime. When entered, passcodes are obscured and the frequency of entering passcodes is limited as well as the number of consecutive failed attempts of entering the passcode.

The TOE also enters a locked state after a (configurable) time of user inactivity and the user is required to either enter his passcode or use biometric authentication (fingerprint or face) to unlock the TOE

External entities connecting to the TOE via a secure protocol (Extensible Authentication Protocol Transport Layer Security (EAP-TLS), Transport Layer Security (TLS), IPsec) can be authenticated using X.509 certificates.

Security Management

The security functions listed in the Security Target can be managed either by the user or by an authorized administrator through a Mobile Device Management (MDM) system. The Security Target identifies the functions that can be managed and indicates if the management can be performed by the user, by the authorized administrator, or both.

TOE Security Functionality (TSF) Protection

Some of the functions the TOE implements to protect the TSF and TSF data are:

·       Protection of cryptographic keyskeys used for TOE internal key wrapping and for the protection of data-at-rest are not exportable. There are provisions for fast and secure wiping of key material.

·       Use of memory protection and processor states to separate apps and protect the TSF from unauthorized access to TSF resourcesin addition, each device includes a separate system called the SEP which is the only system that can use the Root Encryption Key (REK). The SEP is a separate CPU that executes a stand-alone operating system and has separate memory.

·       Digital signature protection of the TSF imageall updates to the TSF need to be digitally signed.

·       Software/firmware integrity self-test upon start-upthe TOE will not go operational when this test fails.

·       Digital signature verification for apps

·       Access to defined TSF data and TSF services only when the TOE is unlocked

TOE Access

The TSF provides functions to lock the TOE upon request and after an administrator-configurable time of inactivity.

Access to the TOE via a wireless network is controlled by user/administrator defined policy.

Trusted Path/Channels

The TOE supports the use of the following cryptographic protocols that define a trusted channel between itself and another trusted IT product:

·       IEEE 802.11-2012

·       IEEE 802.11ac-2013 (a.k.a. Wi-Fi 5)

·       IEEE 802.11ax (a.k.a. Wi-Fi 6)

·       IEEE 802.1X

·       EAP-TLS (1.0, 1.1, 1.2)

·       TLS (1.2)

·       IPsec

·       Bluetooth (4.0, 4.2, 5.0)

Security Audit

The TOE provides the ability for responses to be sent from the MDM Device Agent to the MDM Server. These responses are configurable by the organization as per the Over-the-Air Profile Delivery and Configuration document.


Vendor Information


Apple Inc.
Fiona Pattinson
737-219-4141
security-certifications@apple.com

www.apple.com
Site Map              Contact Us              Home