NIAP: Compliant Product
NIAP/CCEVS
  NIAP  »»  Product Compliant List  »»  Compliant Product  
Compliant Product - Apple iOS 14 and iPadOS 14: Contacts

Certificate Date:  2021.08.20

Validation Report Number:  CCEVS-VR-VID11191-2021

Product Type:    Application Software

Conformance Claim:  Protection Profile Compliant

PP Identifier:    Protection Profile for Application Software Version 1.3

CC Testing Lab:  Acumen Security


CC Certificate [PDF] Security Target [PDF] Validation Report [PDF]

Assurance Activity [PDF]

Administrative Guide [PDF]


Product Description

The TOE is the Apple Contacts application running on Apple iOS 14 and iPadOS 14. Contacts allows a user to access and edit contacts from personal, business, and other accounts.

Contacts is a first-party app, distributed with the operating system of the iPhone and iPad devices. Users can add contacts manually and/or they can be synchronized with an external server.

Note: The TOE is the Contacts application software only. The Apple iOS and iPadOS operating systems have been separately validated by NIAP.


Evaluated Configuration


Security Evaluation Summary

The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme. The criteria against which Apple iOS 14 and iPadOS 14: Contacts was evaluated are described in the Common Criteria for Information Technology Security Evaluation, Version 3.1 Rev. 5.  The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 3.1 Rev. 5.  The product, when configured as identified in the Apple iOS 14 and iPadOS 14: Contacts Common Criteria Configuration Guide, satisfies all of the security functional requirements stated in the Apple iOS 14 and iPadOS 14: Contacts Security Target. The project underwent CCEVS Validator review.  The evaluation was completed in August 2021.  Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report prepared by CCEVS.


Environmental Strengths

The TOE provides the security functionality required by the Protection Profile for Application Software Version 1.3 (PP_APP_v1.3).

 

Cryptographic Support

The TOE platform provides HTTPS/TLS functionality to securely communicate with trusted entities. The TOE does not directly perform any cryptographic functions.

 

User Data Protection

The TOE utilizes network and address book access. The TOE requests camera and photos library access to associate pictures with contacts.

 

Identification and Authentication

The TOE uses platform-provided X.509 certificate validation functions to verify the validity and revocation status of HTTPS/TLS server certificates.

 

Security Management

The TOE is installed completely pre-configured. No security related configuration is required for operation.

 

Privacy

The TOE does not request any perstonally identifiable information (PII) with the intent to transmit the data over the network. However, the TOE will transmit contact information at the request of the user.

 

Protection of the TSF

The TOE platform performs cryptographic self-tests at startup to ensure the TOE can properly operate. The TOE platform also verifies all software updates via digital signature.

 

Trusted Path/Channels

The TOE is a software application. The TOE has the ability to establish protected communications using platform-provided TLS/HTTPS.


Vendor Information


Apple Inc.
Fiona Pattinson
+1 669 227 3579
security-certifications@Apple.com

www.apple.com
Site Map              Contact Us              Home