Compliant Product - Samsung SDS EMM and EMM Agent for Android v2.2.5
Certificate Date: 2023.06.16CC Certificate Security Target Validation Report
Validation Report Number: CCEVS-VR-VID11362-2023
Product Type: Mobility
Conformance Claim: Protection Profile Compliant
PP Identifier: PP-Module for MDM Agent Version 1.0
Functional Package for TLS Version 1.1
Protection Profile for Mobile Device Management Version 4.0
CC Testing Lab: Gossamer Security Solutions
Administrative Guide: Samsung EMM Administrator's Guide
Administrative Guide: Samsung SDS EMM Installation Guide
Administrative Guide: Samsung SDS EMM Configuration Guide for Ipsec settings in Microsoft Windows Server 2016/2019 for Common Criteria Evaluation
The Target of Evaluation (TOE) is Samsung SDS EMM and EMM Agent for Android version 2.2.5.
The SDS EMM provides centralized management of mobile devices and the EMM Agent for Android (installed on each device) enforces the policies of the Server on each device.
Samsung SDS offers the EMM as a software installation for Java 1.8 running on the Microsoft Windows Server 2016 or Windows Server 2019 operating system. Once installed, the EMM allows administrators to configure policies for devices and also serves as a Mobile Application Store (MAS) server to serve configured applications to enrolled devices. Administrators connect securely to the EMM using a web browser (whether local to the Server itself or remote) and through the EMM’s web interface can enroll, audit, lock, unlock, manage, and set policies for enrolled mobile devices. The EMM includes the RSA Crypto-J 6.3 cryptographic module as part of its software, and the EMM’s Microsoft Windows platform includes SQL server 2008-2016, 2019 and a Microsoft Certificate Authority.
Note that one can install multiple EMM systems in order to allow the overall solution to scale the supported number of mobile devices as a High Availability (HA) option. In this case, the multiple EMM systems can operate concurrently and with the same policies and other information by sharing the same SQL database.
Samsung SDS provides the EMM Agent for Android software for evaluated Samsung mobile devices. The EMM Agent software, once installed and enrolled with the EMM, will apply and enforce administrator configured policies communicated through the EMM to the EMM Agent’s running on the mobile devices. The scope of supported EMM Agent for Android devices for the evaluation will be limited by the set of devices evaluated on the NIAP PCL.
While Samsung SDS does not provide an iOS agent, the EMM is designed to work with the iOS agents developed and evaluated by Apple. Since the iOS agents are evaluated as part of the Apple iOS evaluations, the EMM was tested only to ensure it can manage those devices, but the agent’s behavior on those devices was not otherwise tested. The support is limited by the set of devices evaluated on the NIAP PCL.
 Note that while the EMM Server and Android Agent are version 2,2.5, the supporting Push Agent for Android is version 2.5.1.
Security Evaluation Summary
The evaluation was carried out in accordance to the Common Criteria Evaluation and Validation Scheme (CCEVS) requirements and guidance. The evaluation demonstrated that the TOE meets the security requirements contained in the Security Target. The criteria against which the TOE was judged are described in the Common Criteria for Information Technology Security Evaluation, Version 3.1, Revision 5, April 2017. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Evaluation Methodology, Version 3.1, Revision 5, April 2017. The product, when delivered and configured as identified in the Samsung EMM Administrator’s Guide, Solution version 2.2.5, January 2023, Samsung EMM Installation Guide, Solution version 2.2.5, January 2023, and Samsung SDS EMM Configuration Guide for IPsec settings in Microsoft Windows Server 2016/2019 for Common Criteria Evaluation, Solution version 2.2.5, January 27, 2023 documents, satisfies all of the security functional requirements stated in the Samsung SDS EMM and EMM Agent for Android 2.2.5 Security Target, Version 0.92, May 26, 2023. The project underwent CCEVS Validator review. The evaluation was completed in June 2023. Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report (report number CCEVS-VR-VID11362-2023) prepared by CCEVS.
The logical boundaries of the EMM and EMM Agent for Android 2.2.5 are realized in the security functions that it implements. Each of these security functions is summarized below.
The EMM can generate and store audit records for security-relevant events as they occur. These events are stored and protected by the EMM and can be reviewed by an authorized administrator. The EMM can export the majority of audit events directly through the HTTPS protected GUI in a CSV format. Some low-level events are maintained in text files on the TOE platform and can be exported via RDP using the TOE platform. In both cases, the EMM protects the exported audit records using TLS (as part of HTTPS and RDP). The EMM also supports the ability to query information about MDM agents and export MDM configuration information.
The EMM Agent includes the ability to indicate (i.e., respond) to the EMM when it has been enrolled and when it applies policies successfully. The EMM can be configured to alert an administrator based on its configuration. For example, it can be configured to alert the administrator when a policy update fails or an MDM Agent has been enrolled.
The EMM and EMM Agent both include or have access to cryptographic modules with Cryptographic Algorithm Validation Program (CAVP) certified algorithms for a wide range of cryptographic functions including: asymmetric key generation and establishment, encryption/decryption, and cryptographic hashing and keyed-hash message authentication. These functions are supported with suitable random bit generation, initialization vector generation, secure key storage, and key and protected data destruction.
The primitive cryptographic functions are used to implement security communication protocols (TLS and HTTPS) used for communication between the Server and Agent and between the Server and remote administrators.
Identification and authentication:
The EMM authenticates mobile device users (MD users) and administrators prior to allowing those operators to perform any functions. This includes MD users enrolling their device with the EMM using the EMM Agent as well as an administrator logging on to manage the EMM configuration, MDM policies for mobile devices, etc.
In addition, both the EMM and Agent utilize X.509 certificates, including certificate validation checking, in conjunction with TLS to secure communications between the EMM and EMM Agents as well as between the EMM and administrators using a web-based user interface for remote administrative access.
The EMM is designed with two distinct user roles: administrator and mobile device user (MD user). The former interacts directly with the EMM through HTTPS (using a browser) while the latter is the user of a mobile device with the EMM Agent installed.
The EMM provides all the function necessary to manage its own security functions as well as to manage mobile device policies that are sent to EMM Agents. In addition, the EMM ensures that security management functions are limited to authorized administrators while allowing MD users to perform only necessary functions such as enrolling with the EMM.
The EMM Agents provide the functions necessary to securely communicate and enroll with the EMM, apply policies received from the EMM, and report the results of applying policies.
Protection of the TSF:
The EMM and Agent work together to ensure that all security related communication between the server and agent components is protected from disclosure and modification.
Both the EMM and Agent include self-testing capabilities to ensure that they are functioning properly as well as to cryptographically verify that their executable images have not been corrupted.
The EMM also includes mechanisms (i.e., verification of the digital signature of each new image) so that the TOE itself can be updated while ensuring that the updates will not introduce malicious or other unexpected changes in the TOE.
The MDM Server has the capability to display an advisory banner when users attempt to login in order to manage the TOE.
The EMM uses TLS/HTTPS to secure communication channels between its distributed components and remote administrators accessing the Server via a web-based user interface.
It also uses TLS to secure communication channels between itself and mobile device users (MD users). In this latter case, the protected communication channel is established between the EMM and EMM Agent.
Samsung SDS Co., LTD