NIAP: Compliant Product
NIAP/CCEVS
  NIAP  »»  Product Compliant List  »»  Compliant Product  
Compliant Product - Apple macOS 11 Big Sur: Contacts

Certificate Date:  2022.02.28

Validation Report Number:  CCEVS-VR-VID11243-2022

Product Type:    Application Software

Conformance Claim:  Protection Profile Compliant

PP Identifier:    Protection Profile for Application Software Version 1.3

CC Testing Lab:  Acumen Security


CC Certificate [PDF] Security Target [PDF] Validation Report [PDF]

Assurance Activity [PDF]

Administrative Guide [PDF]


Product Description

The TOE is the Apple Contacts application running on Apple macOS 11 Big Sur. Contacts allows a user to access and edit contacts from personal, business, and other accounts.

Contacts is a first-party app, bundled with Apple macOS 11 Big Sur. Users can add contacts manually and/or contacts can be securely synchronized with an external server.


Evaluated Configuration

The TOE is version 13.0 of the Apple Contacts application running on Apple macOS 11 Big Sur. The TOE was tested on version 11.4 Apple macOS 11 Big Sur.


Security Evaluation Summary

The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) processes and procedures. The criteria against which the Apple macOS 11 Big Sur: Contacts was evaluated are described in the Common Criteria for Information Technology Security Evaluation, Version 3.1 Revision 5.The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 3.1 Revision 5.The product, when delivered configured as identified in the Apple macOS 11 Big Sur: Contacts Common Criteria Configuration Guide V1.0, dated January 2022, satisfies all of the security functional requirements stated in the Apple macOS 11 Big Sur: Contacts Security Target V1.2, dated February 2022. The project underwent CCEVS Validator review.The evaluation was completed in February 2022.Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report, CCEVS-VR-VID11243-2022, prepared by CCEVS.


Environmental Strengths

Cryptographic Support

The TOE platform provides HTTPS/TLS functionality to securely communicate with trusted entities. The TOE does not directly perform any cryptographic functions.

User Data Protection

The TOE utilizes network and address book access. The TOE uses the camera and photos library to associate pictures with contacts.

Identification and Authentication

The TOE uses platform-provided X.509 certificate validation functions to verify the validity and revocation status of HTTPS/TLS server certificates.

Security Management

The TOE provides the user with the ability to add, delete, and enable/disable accounts.

Privacy

The TOE does not request any personal identifying information (PII) with the intent to transmit the data over the network. However, the TOE will transmit contact information at the request of the user.

Protection of the TSF

The TOE is compatible with all platform-provided security features such as ASLR and application sandboxing. The TOE is compiled with stack-based overflow protections and does not include any third-party libraries. The TOE platform also verifies all software updates have valid digital signatures prior to installing the updates.

Trusted Path/Channels

The TOE can establish protected communications using platform-provided TLS/HTTPS.


Vendor Information


Apple Inc.
Fiona Pattinson
+1 669 227 3579
security-certifications@Apple.com

https://apple.com
Site Map              Contact Us              Home