Assurance Continuity - Samsung Galaxy Devices on Android 9
Date of Maintenance Completion: 2019.12.17CC Certificate Validation Report Assurance Activity
Product Type: Virtual Private Network
Conformance Claim: Protection Profile Compliant
PP Identifier: PP-Module for VPN Client Version 2.1
Protection Profile for Mobile Device Fundamentals Version 3.1
Extended Package for Wireless LAN Client Version 1.0
Original Evaluated TOE: 2019.08.02 - Samsung Galaxy Devices on Android 9
VPN Client Administrative Guide
Please note: The above files are for the Original Evaluated TOE. Consequently, they do not refer to this maintained version, although they apply to the maintained version.
Security Target * Assurance Continuity Maintenance Report Administrative Guide
Please note: This serves as an addendum to the VR for the Original Evaluated TOE.
* This is the Security Target (ST) associated with this latest Maintenance Release. To view previous STs for this TOE, click here.
Readers are reminded that the certification of this product (TOE) is the result of maintenance, rather than an actual re-evaluation of the product. Maintenance only considers the affect of TOE changes on the assurance baseline (i.e. the original evaluated TOE); maintenance is not intended to provide assurance in regard to the resistance of the TOE to new vulnerabilities or attack methods discovered since the date of the initial certificate. Such assurance can only be gained through re-evaluation.
Using a security impact analysis of the changes made to the TOE, which was provided by the developer, the CCEVS has determined that the impact of changes on the TOE are considered minor and that independent evaluator analysis was not necessary. A summary of the results can be found in the Maintenance Report, which is written in relation to the product's original validation report and Security Target. Readers are therefore reminded to read the Security Target, Validation Report, and the Assurance Maintenance Report to fully understand the meaning of what a maintained certificate represents.
There are no changes to the evaluated TOEs. Rather, the Assurance Maintenance updated the list of products covered by the evaluation to include the Galaxy XCover FieldPro, designed for public safety and similar requirements. The Galaxy XCover FieldPro is added as an equivalent to the evaluated Samsung Galaxy S9+.
The addition of the new devices does not impact the functionality required by any of the PPs and EPs under which the original devices were evaluated. There are no changes to any of the SFRs that were claimed under the original evaluation. The device that was added under this Assurance Maintenance action differs from the evaluated Samsung Galaxy devices only in its form factor/screen size and input capabilities.
The Galaxy XCover FieldPro is built on the same hardware as the S9+ series of devices with the Exynos 9810 SoC, but with physical changes to meet the target market. It is designed for use with gloved hands (physical buttons), a replaceable battery, and the ability to program a key to specific functions on the device. The XCover FieldPro also supports PTT (Push-to-Talk).
The table below lists the set of devices covered by this Assurance Maintenance and includes the new Galaxy XCover FieldPro device.
Table 1 TOE Identification
The Carrier Models table specifies the specific versions of the devices, which have the validated configuration. These additional letters/numbers denote carrier specific models (such as V = Verizon Wireless). Only models with the suffixes listed in the table can be placed into the validated configuration. This table differs from the evaluated version only in that it adds the Galaxy XCover FieldPro.
Table 2 TOE Carrier Models
Samsung Electronics Co., Ltd.