Assurance Continuity - Samsung Galaxy Devices on Android 10 - Spring
Date of Maintenance Completion: 2020.08.19CC Certificate Validation Report Assurance Activity
Product Type: Virtual Private Network
Conformance Claim: Protection Profile Compliant
PP Identifier: PP-Module for VPN Client Version 2.1
Protection Profile for Mobile Device Fundamentals Version 3.1
Extended Package for Wireless LAN Client Version 1.0
Original Evaluated TOE: 2020.04.30 - Samsung Galaxy Devices on Android 10 - Spring
Please note: The above files are for the Original Evaluated TOE. Consequently, they do not refer to this maintained version, although they apply to the maintained version.
Security Target * Assurance Continuity Maintenance Report Administrative Guide
Please note: This serves as an addendum to the VR for the Original Evaluated TOE.
* This is the Security Target (ST) associated with the latest Maintenance Release. To view previous STs for this TOE, click here.
Readers are reminded that the certification of this product (TOE) is the result of maintenance, rather than an actual re-evaluation of the product. Maintenance only considers the affect of TOE changes on the assurance baseline (i.e. the original evaluated TOE); maintenance is not intended to provide assurance in regard to the resistance of the TOE to new vulnerabilities or attack methods discovered since the date of the initial certificate. Such assurance can only be gained through re-evaluation.
Using a security impact analysis of the changes made to the TOE, which was provided by the developer, the CCEVS has determined that the impact of changes on the TOE are considered minor and that independent evaluator analysis was not necessary. A summary of the results can be found in the Maintenance Report, which is written in relation to the product's original validation report and Security Target. Readers are therefore reminded to read the Security Target, Validation Report, and the Assurance Maintenance Report to fully understand the meaning of what a maintained certificate represents.
Samsung added several device models to the evaluated TOE. The following table summarizes the devices that were originally evaluated:
Table 1 Samsung Galaxy devices originally evaluated
Table 2 Complete list of devices covered by assurance maintenance
Some of the devices have also been updated to support different fingerprint biometric authentication subsystems to accommodate the various form factors and screen sizes of the various device models (as summarized in the following table). The biometric hardware and software components remain unchanged from the ones that were part of the original evaluation.
Table 3 Biometrics capabilities on claimed devices
The major change undertaken with this maintenance action is to add a set of devices to the already-evaluated products, with hardware changes that do not affect the evaluated security functional requirements. As described earlier, these hardware changes relate to form factor, input capabilities, modifications to the biometrics subsystems to accommodate the various form factors, and screen sizes.
The firmware and system software on the devices have been periodically updated as part of Samsung’s normal update process, which covers both planned and emergency updates that address both security and functionality aspects of the devices. These changes do not affect the SFRs and are not covered by this assurance maintenance action. There were no other relevant changes to the devices because all other changes to application software are out of scope of the evaluation and do not affect the originally evaluated security functional requirements.
Samsung Electronics Co., Ltd.