NIAP: U.S. Government Approved Protection Profile - Protection Profile for Mobile Device Management Version 3.0

Short Name: pp_mdm_v3.0

Technology Type: Mobility

CC Version: 3.1

Date: 21 November 2016

Transition End Date: 21 May 2017

Preceded By: pp_mdm_v2.0

Conformance Claim: None



The Mobile Device Management (MDM) system consists of two primary components: the MDM Server software and the MDM Agent. Optionally, the MDM system may include a separate Mobile Application Store (MAS) server. The MDM system operational environment consists of the mobile device on which the MDM Agent resides, the platform on which the MDM Server runs, and an untrusted wireless network over which they communicate.

The MDM Server is an application on a general-purpose platform or on a network device, executing in a trusted network environment. The MDM Server provides administration of the mobile device policies and reporting on mobile device behavior. It is responsible for managing device enrollment, configuring and sending policies to the MDM Agents, collecting reports on device status, and sending commands to the Agents.

The MDM Agent establishes a secure connection back to the MDM Server controlled by an enterprise administrator and configures the mobile device per the administrator’s policies. Optionally, the MDM Agent may interact with the MAS Server to download and install enterprise applications. The MDM Agent is addressed in the Extended Package (EP) for MDM Agents. If the MDM Agent is installed on a mobile device as an application developed by the MDM developer, the EP extends this Protection Profile (PP) and is included in the Target of Evaluation (TOE). In this case, the TOE security functionality specified in this PP must be addressed by the MDM Agent in addition to the MDM Server. Otherwise, the MDM Agent is provided by the mobile device vendor and is out of scope of this PP; however, MDMs are required to indicate the mobile platforms supported by the MDM Server and must be tested against the native MDM agent of those platforms.

The MAS Server is an application on a general-purpose platform or on a network device, executing in a trusted network environment. The MAS Server may be separate from, or included in, the MDM Server. The MAS Server hosts applications for the enterprise, authenticates Agents, and securely transmits applications to enrolled mobile devices.

This U.S. Government Approved Protection Profile is not assigned to any Validated Products.

Related Technical Decisions

  • 0305 – Handling of TLS connections with and without mutual authentication
  • 0304 – Update to FCS_TLSC_EXT.1.2
  • 0267 – TLSS testing - Empty Certificate Authorities list
  • 0234 – Appendix H - TLS Mapping Table
  • 0232 – FIA_X509_EXT.1.1 - Compliance to RFC5759 and RFC5280 for using CRLs
  • 0231 – FCS_TLSS_EXT.1.2 - Removal of SSL 1.0
  • 0212 – FCS_HTTPS_EXT.1.3 - TLS Mutual Authentication Update
  • 0163 – Update to FCS_TLSC_EXT.1.1 Test 5.4 and FCS_TLSS_EXT.1.1 Test
