NIAP: Assurance Continuity
NIAP/CCEVS
Assurance Continuity - Samsung Galaxy S9 Tactical Edition

Date of Maintenance Completion:  2018.10.18

Product Type:    Wireless LAN
   Virtual Private Network
   Mobility

Conformance Claim:  Protection Profile Compliant

PP Identifier:    PP-Module for VPN Client Version 2.1
  Protection Profile for Mobile Device Fundamentals Version 3.1
  Extended Package for Wireless LAN Client Version 1.0

Original Evaluated TOE:  2018.05.29 - Samsung Galaxy Devices on Android 8

CC Certificate [PDF] Validation Report [PDF] Assurance Activity [PDF]

Mobile Administrative Guide [PDF]

VPN Client Administrative Guide [PDF]

Please note:  The above files are for the Original Evaluated TOE.  Consequently, they do not refer to this maintained version, although they apply to the maintained version. 

Security Target [PDF] * Assurance Continuity Maintenance Report [PDF]

Please note:  This serves as an addendum to the VR for the Original Evaluated TOE. 

* This is the Security Target (ST) associated with this latest Maintenance Release.

Readers are reminded that the certification of this product (TOE) is the result of maintenance, rather than an actual re-evaluation of the product.  Maintenance only considers the effect of TOE changes on the assurance baseline (i.e. the original evaluated TOE); maintenance is not intended to provide assurance in regard to the resistance of the TOE to new vulnerabilities or attack methods discovered since the date of the initial certificate.  Such assurance can only be gained through re-evaluation.

Using a security impact analysis of the changes made to the TOE, which was provided by the developer, the CCEVS has determined that the impact of the changes on the TOE is minor and that independent evaluator analysis was not necessary.  A summary of the results can be found in the Maintenance Report, which is written in relation to the product's original validation report and Security Target.  Readers are therefore reminded to read the Security Target, Validation Report, and the Assurance Maintenance Report to fully understand the meaning of what a maintained certificate represents.

Product Description

The specific device in question is a new variation of the Galaxy S9 (SM-G960U). The S9 Tactical Edition (SM-G960U, device build G960UZKAN14) is designed to meet the requirements for Tactical deployments. The device has identical hardware to the SM-G960U but a modified system image. No documentation updates were made for the new device except for the addition of the Application List on the website above. The non-security-related changes made to the device center on SIM card usage, additional configuration options for networking and user input, and the removal of pre-installed apps. The changes and effects of additional features and support are summarized below.

 

1. SIM card & Network configuration

Security Consideration: SIM card configuration
- Within the US only an AT&T SIM is allowed
- Global Roaming with AT&T SIM is supported
- Outside of the US, regional SIM cards can be used
- All pop-ups related to the SIM such as when the SIM card is removed will not appear

Assessment: This is not security relevant because the claimed and tested MDF functionality remains the same.

Security Consideration: Network related Settings
- Multiple Ethernet interfaces are supported at once (up to 2)
- IP shell commands to configure Ethernet settings at the Linux layer

Assessment: Multiple Ethernet interface support and additional command line settings do not affect the security functionality of the device as the claimed and tested MDF functionality remains the same.

Security Consideration: New Management APIs to perform the following:
- The ability to turn off/block all cellular network access
- The ability to enable glove mode features (screen sensitivity)
- The ability to remap the Bixby hardware button

Assessment: This is not security relevant because the claimed and tested MDF functionality remains the same.

2. Pre-installed apps

Security Consideration: Pre-installed apps from the SM-G960U device removed

Assessment: Pre-installed apps are provided by device manufacturers, OS developers, and mobile carriers. They provide capabilities outside of scope and do not provide security functionality mandated by the MDF PP.

Therefore, the removal of these pre-installed apps does not affect the original assurance of the product.

 

3. General Security Updates

Security Consideration: The S9 Tactical Edition will receive regular security updates based on a modified release cycle. The devices are generally expected to only attach to closed networks and not directly to the internet, even when connecting via cellular service (the expected deployments generally utilize dedicated cellular APNs or Always-on VPN configurations to limit exposure).

Assessment: The base device for the S9 Tactical Edition device receives regular updates to maintain the overall security of the system as expected under a Common Criteria evaluation. Samsung works with Google to create update packages on a monthly basis for deployment. Updates for the S9 Tactical Edition would be based on the current update level at the time the update is created.

Updates for the S9 Tactical Edition are planned every 6 months and will be made available directly from Samsung to customers of the device. These updates can be deployed either through physical flashing or by FOTA (if the customer has the capability to perform such deployments). Additional updates may be generated and provided as needed based on the severity of a chosen CVE.

Samsung reviews the CVE database and prepares patches for applicable vulnerabilities on a regular basis and adds these into the SMRs for deployment during these updates.

This is consistent with all applicable NIAP policies and MDF requirements related to vulnerabilities. The updates being delivered are direct from the vendor, consistent with the claims given in the IAR. Thus, original assurance is maintained.

 

Vendor Information

Samsung Electronics Co., Ltd.
Brian Wood
973-440-9125
be.wood@sta.samsung.com

www.samsung.com