NIAP: Compliant Product
  NIAP  »»  Product Compliant List  »»  Compliant Product  
Compliant Product - Apple iOS 11 Safari

Certificate Date:  2018.11.09

Validation Report Number:  CCEVS-VR-VID10916-2018

Product Type:    Application Software
   Web Browser

Conformance Claim:  Protection Profile Compliant

PP Identifier:    Protection Profile for Application Software Version 1.2
  Extended Package for Web Browsers v2.0

CC Testing Lab:  Acumen Security

CC Certificate [PDF] Security Target [PDF] Validation Report [PDF]

Assurance Activity [PDF]

Administrative Guide [PDF]

Product Description

The TOE is the Apple iOS 11 Safari application which runs on iPad and iPhone devices. The product provides access to HTTPS/TLS connections via a browser for user connectivity. The TOE is the Safari software only. The Apple iOS operating system has been separately validated (VID 10851). The TOE is an application on a mobile operating system. The mobile operating system and hardware platforms are part of the TOE environment. The evaluated version of the TOE is version 11.

Evaluated Configuration

Security Evaluation Summary

The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme. The criteria against which the Apple iOS 11 Safari was evaluated are described in the Common Criteria for Information Technology Security Evaluation, Version 3.1 rev 4.  The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 3.1 rev 4. The product, when delivered configured as identified in the Apple iOS 11 Safari Common Criteria Configuration Guide, version 1.2, satisfies all of the security functional requirements stated in the Apple iOS 11 Safari Security Target, version 1.0. The project underwent CCEVS Validator review. The evaluation was completed November 9, 2018.  Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report prepared by CCEVS.

Environmental Strengths

Cryptographic Support

The TOE provides TLS/HTTPS connectivity for users attempting to communicate with secure URLs. The TOE does not directly perform any cryptographic functions. The TOE invokes the iOS platform cryptography for secure credential storage.

User Data Protection

The TOE requests access to network connectivity, camera, microphone, location services, and address book, and communicates with the wireless network when invoked by the user. The TOE runs inside of a sandbox where each browser tab is isolated. In addition, the TOE supports the ‘secure’ attribute and blocking of third-party cookies.

Identification and Authentication

All validation of X.509 certificates is performed by the iOS platform that the TOE is running on.

Security Management

The TOE platform provides the ability to configure the TOE. No credentials are installed by default.


If the user logs into iCloud Account on two or more devices, the TOE permits two devices within Bluetooth range of each other to automatically “continue” browsing with the same URL provided via iCloud.

Examples of this include the use of “allow sending diagnostic and usage data to Apple” or “Allow modifying diagnostic settings”.  This does not send PII, but can be misunderstood as sending identifiable data. 

The TOE will transmit contact information at the request of a user. The TOE provides a notification when sharing this information. 

Protection of the TSF

The TOE does not permit automatic downloads. All downloads are at the request of a user and require approval. The TOE does not support add-ons. The only supported mobile code is signed JavaScript. No third-party libraries are leveraged by the TOE. The TOE platform verifies all software updates via digital signature.

Trusted Path/Channels

The TOE is a software application. The TOE has the ability to establish HTTPS/TLS protected communications.

Vendor Information

Apple Inc.
Shawn Geddis
Site Map              Contact Us              Home