NIAP: Assurance Continuity
NIAP/CCEVS
  NIAP  »»  Product Compliant List  »»  Product Entry  »»  Assurance Continuity  
Assurance Continuity - Maintenance Update for: Apple iPad and iPhone Mobile Devices with iOS 11.2

Date of Maintenance Completion:  2018.07.17

Product Type:    Wireless LAN
   Mobility

Conformance Claim:  Protection Profile Compliant

PP Identifier:    Extended Package for Mobile Device Management Agents Version 3.0
  Protection Profile for Mobile Device Fundamentals Version 3.1
  Extended Package for Wireless LAN Client Version 1.0

Original Evaluated TOE:  2018.03.30 - Apple iOS 11

CC Certificate [PDF] Validation Report [PDF] Assurance Activity [PDF]

Administrative Guide [PDF]

Please note:  The above files are for the Original Evaluated TOE.  Consequently, they do not refer to this maintained version, although they apply to the maintained version. 

Security Target [PDF] * Assurance Continuity Maintenance Report [PDF] Administrative Guidance [PDF]

Please note:  This serves as an addendum to the VR for the Original Evaluated TOE. 

* This is the Security Target (ST) associated with this latest Maintenance Release.  To view previous STs for this TOE, click here.

Readers are reminded that the certification of this product (TOE) is the result of maintenance, rather than an actual re-evaluation of the product.  Maintenance only considers the affect of TOE changes on the assurance baseline (i.e. the original evaluated TOE); maintenance is not intended to provide assurance in regard to the resistance of the TOE to new vulnerabilities or attack methods discovered since the date of the initial certificate.  Such assurance can only be gained through re-evaluation. 

Using a security impact analysis of the changes made to the TOE, which was provided by the developer, the CCEVS has determined that the impact of changes on the TOE are considered minor and that independent evaluator analysis was not necessary.  A summary of the results can be found in the Maintenance Report, which is written in relation to the product's original validation report and Security Target.  Readers are therefore reminded to read the Security Target, Validation Report, and the Assurance Maintenance Report to fully understand the meaning of what a maintained certificate represents. 

Product Description

The Apple iPad 9.7-inch (models A1893 and A1954) released in 2018 a few days before the TOE was validated and therefore could not be included in the evaluation. These devices run the latest version of iOS 11 and contain the A10 Fusion processor, the same processor used by the iPhone 7 and iPhone 7 Plus that were included in the testing for the evaluation.

The Apple iPad Pro 9.7-inch (model A1675) released in 2016 and was intended to have been included in the evaluation. This omission was discovered in the process of gathering information to add the 2018 iPad 9.7-inch described above. The 2016 iPad Pro 9.7-inch runs the latest version of iOS 11 and contains the A9X processor, the same processor used by the other iPad Pro 9.7-inch models (A1673 and A1674) that were included in the evaluation.

No security relevant changes were made to the TOE hardware, the inclusion of the additional hardware devices does not change any of the security functions that are claimed in the Security Target.  The hardware models added are to an existing series of evaluated and supported models. As the additional models use the same processors as devices tested under the VID10851 evaluation, no new NIST CAVP certificates are required.

Since the evaluation was completed, several minor updates of iOS have been released as normal maintenance updates to iOS. Each of those updates included security-related fixes. All publicly disclosed vulnerabilities applicable to the TOE since the evaluation have been mitigated in the subsequent maintenance updates.

 

The evaluation evidence consists of the Impact Analysis Report (IAR) and supporting vulnerability analysis update, dated July 11, 2018.  

The original evaluation was performed against the collaborative Protection Profile for Network Devices Version 1.0 and the ST referenced validated CAVP certificates. No changes were made to the processor and therefore no modifications were required to any of the valid NIST certificates.

Changes to TOE: 

Additional hardware devices added to the supported device list. WiFi Alliance certificates were obtained for the new device models A1893 and A1954; WFA76387 and WFA76394 respectively. 

Affected Developer Evidence:

None

Regression Testing:

The vendor performed regression testing to ensure correct operation of the hardware and software as a matter of course. 

Vulnerability Analysis:

A new CVE search was conducted on 2018-07-11 using the same search terms and web sites used in the search performed VID10851 and no outstanding vulnerabilities were found related to the devices.

Vendor Information


Apple Inc.
Shawn Geddis
1 (669) 227-3579
geddis@apple.com

www.apple.com
Site Map              Contact Us              Home