NIAP: Compliant Product
NIAP/CCEVS
  NIAP  »»  Product Compliant List  »»  Compliant Product  
Compliant Product - Apple iPadOS 15

Certificate Date:  2022.11.04

Validation Report Number:  CCEVS-VR-VID11238-2022

Product Type:    Wireless LAN
   Virtual Private Network
   Network Encryption
   Mobility

Conformance Claim:  Protection Profile Compliant

PP Identifier:    PP-Module for Bluetooth Version 1.0
  PP-Module for MDM Agent Version 1.0
  PP-Module for VPN Client, Version 2.3
  Functional Package for TLS Version 1.1
  Protection Profile for Mobile Device Fundamentals Version 3.2
  Extended Package for Wireless LAN Client Version 1.0

CC Testing Lab:  atsec information security corporation


CC Certificate [PDF] Security Target [PDF] Validation Report [PDF]

Assurance Activity [PDF]

Administrative Guide [PDF]


Product Description

The Target of Evaluation (TOE) is Apple iPadOS 15: iPads which is a series of Apple iPad mobile devices running the iPadOS 15 operating system, a Mobile Device Management (MDM) Agent, VPN client, and WLAN client components, which are included on the mobile devices.

The TOE operating system manages the device hardware, provides MDM Agent functionality, and provides the technologies required to implement native applications. It provides a built-in MDM framework application programmer interface (API), giving management features that may be utilized by external MDM solutions, allowing enterprises to use profiles to control some of the device settings.

The TOE operating system provides a consistent set of capabilities allowing the supervision of enrolled devices. This includes the preparation of devices for deployment, the subsequent management of the devices, and the termination of management.


Evaluated Configuration

Devices Covered by the Evaluation

Processor

Device Name

Model Number

A9

iPad 9.7-inch (5th gen)

A1822

A1823

A9X

iPad Pro 9.7-inch

A1673

A1674

A1675

iPad Pro 12.9-inch

A1584

A1652

A10 Fusion

iPad 9.7-inch  (6th gen)

A1893

A1954

iPad 10.2-inch (7th gen)

A2197

A2198

A2199

A2200

A10X Fusion

iPad Pro 12.9-inch (2nd gen)

A1670

A1671

A1821

iPad Pro 10.5-inch

A1701

A1709

A1852

A12 Bionic


iPad mini 7.9-inch (5th gen)

 

 

A2125

A2133

A2124

A2126

iPad Air 10.5-inch (3rd gen)

 

A2152

A2154

A2123

A2153

iPad 10.2-inch (8th gen)

A2270

A2428

A2429

A2430

A12X Bionic

iPad Pro 11-inch

A1934

A1979

A1980

A2013

iPad Pro 12.9-inch (3rd gen)

A2014

A1876

A1895

A1983

A12Z Bionic

iPad Pro 11-inch (2nd gen)

A2068

A2228

A2230

A2231

iPad Pro 12.9-inch (4th gen)

A2069

A2229

A2232

A2233

A13 Bionic

iPad 10.2-inch (9th gen)

A2602

A2603

A2604

A2605

A14 Bionic

iPad Air (4th gen)

A2316

A2324

A2072

A2325

A15 Bionic

iPad mini (6th gen)

A2567

A2568

A2569

M1

iPad Pro 11-inch (3rd gen)

A2301

A2377

A2460

iPad Pro 12.9-inch (5th gen)

A2378

A2379

A2461

A2462


Security Evaluation Summary

The evaluation was carried out in accordance with the Common Criteria Evaluation and  Validation Scheme (CCEVS) process. The criteria against which the Apple iPadOS 15: iPads was judged are described in the Common Criteria for Information Technology Security Evaluation, Version 3.1. The evaluation methodology used by the evaluation team to conduct the evaluation was the Common Methodology for Information Technology Security Evaluation, Version 3.1, R5 supplemented by that found in the Protection Profiles cited above. The product, when delivered and configured as identified in the Apple iOS 15: iPhones and Apple iPadOS 15: iPads Common Criteria Configuration Guide, meets the requirements of the PP-Configuration for Mobile Device Fundamentals, Mobile Device Management Agents, Virtual Private Network Clients, and Bluetooth, Version 1.0; the General Purpose Operating Systems Protection Profile/ Mobile Device Fundamentals Protection Profile Extended Package (EP) Wireless Local Area Network (WLAN) Clients Version 1.0; and the Functional Package for TLS Version 1.1.

Apple iPadOS 15: iPads

The Apple iOS 15: iPhones and Apple iPadOS 15: iPads Common Criteria Configuration Guide document satisfies all the security functional requirements stated in the Apple iPadOS 15: iPads Security Target, version 1.2. The evaluation was subject to CCEVS Validator review. The evaluation was completed in November 2022. Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report number CCEVS-VR-VID11238-2022, prepared by CCEVS.


Environmental Strengths

Cryptographic Support

The TOE provides cryptographic services for the encryption of data-at rest, for secure communication channels, and for use by applications. In addition, the TOE implements a number of cryptographic protocols that can be used to establish a trusted channel to other IT entities.

As noted in the Security Target 1.5, the TOE provides cryptographic services via the following cryptographic modules.

·       Apple corecrypto Module v12.0 [Apple ARM, User, Software, SL1] (User Space)

·       Apple corecrypto Module v12.0 [Apple ARM, Kernel, Software, SL1] (Kernel Space)

·       Apple corecrypto Module v12.0 [Apple ARM, Secure Key Store, Hardware, SL2]

Identification and Authentication

Except for making answering calls, emergency calls, accessing Medical ID information, using the cameras (unless their use is generally disallowed), using the flashlight, using the control center, and using the notification center, users need to authenticate using a passcode or a biometric (fingerprint or face). The user is required to use the passcode authentication mechanism under the following conditions.

·       Turn on or restart the device

·       Press the Home button or swipe up to unlock your device (configurable)

·       Update software

·       Erase the device

·       View or change passcode settings

·       Install iPadOS Configuration Profiles

The passcode can be configured for a minimum length, for dedicated passcode policies, and for a maximum lifetime. When entered, passcodes are obscured and the frequency of entering passcodes is limited as well as the number of consecutive failed attempts of entering the passcode.

The TOE also enters a locked state after a (configurable) time of user inactivity and the user is required to either enter his passcode or use biometric authentication (fingerprint or face) to unlock the TOE.

External entities connecting to the TOE via a secure protocol (Extensible Authentication Protocol Transport Layer Security (EAP-TLS), Transport Layer Security (TLS), IPsec) can be authenticated using X.509 certificates.

Security Management

The security functions listed in the Security Target can be managed either by the user or by an authorized administrator through a Mobile Device Management (MDM) system. The Security Target identifies the functions that can be managed and indicates if the management can be performed by the user, by the authorized administrator, or both.

TOE Security Functionality (TSF) Protection

Some of the functions the TOE implements to protect the TSF and TSF data are:

·       Protection of cryptographic keys—keys used for TOE internal key wrapping and for the protection of data-at-rest are not exportable. There are provisions for fast and secure wiping of key material.

·       Use of memory protection and processor states to separate apps and protect the TSF from unauthorized access to TSF resources—in addition, each device includes a separate system called the SEP which is the only system that can use the Root Encryption Key (REK). The SEP is a separate CPU that executes a stand-alone operating system and has separate memory.

·       Digital signature protection of the TSF image—all updates to the TSF need to be digitally signed.

·       Software/firmware integrity self-test upon start-up—the TOE will not go operational when this test fails.

·       Digital signature verification for apps

·       Access to defined TSF data and TSF services only when the TOE is unlocked

TOE Access

The TSF provides functions to lock the TOE upon request and after an administrator-configurable time of inactivity.

Access to the TOE via a wireless network is controlled by user/administrator defined policy.

Trusted Path/Channels

The TOE supports the use of the following cryptographic protocols that define a trusted channel between itself and another trusted IT product:

·       IEEE 802.11-2012

·       IEEE 802.11ac-2013 (a.k.a. Wi-Fi 5)

·       IEEE 802.11ax (a.k.a. Wi-Fi 6)

·       IEEE 802.1X

·       EAP-TLS (1.0, 1.1, 1.2)

·       TLS (1.2)

·       IPsec

·       Bluetooth (4.2, 5.0)

Security Audit

The TOE provides the ability for responses to be sent from the MDM Agent to the MDM Server. These responses are configurable by the organization as per the Device Management document.


Vendor Information


Apple Inc.
Fiona Pattinson
737-219-4141
security-certifications@apple.com

apple.com
Site Map              Contact Us              Home