Compliant Product - Apple iOS 11
Certificate Date: 2018.03.30CC Certificate Security Target * Validation Report
Validation Report Number: CCEVS-VR-VID10851-2018
Product Type: Wireless LAN
Conformance Claim: Protection Profile Compliant
PP Identifier: Extended Package for Mobile Device Management Agents Version 3.0
Protection Profile for Mobile Device Fundamentals Version 3.1
Extended Package for Wireless LAN Client Version 1.0
CC Testing Lab: atsec information security corporation
* This is the Security Target (ST) associated with the latest Maintenance Release. To view previous STs for this TOE, click here.
Security Evaluation Summary
The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme. The criteria against which the TOE was judged are described in the Common Criteria for Information Technology Security Evaluation, Version 3.1.5. The evaluation methodology used by the evaluation team to conduct the evaluation was the Common Methodology for Information Technology Security Evaluation, Version 3.1.5. The product, when delivered and configured as identified in the Apple iPad and iPhone Mobile Devices with iOS 11.2 PP_MD_V3.1, EP_MDM_AGENT_V3.0, & PP_WLAN_CLI_EP_V1.0 Common Criteria Guide document, meets the requirements of the Protection Profile for Mobile Device Fundamentals Version 3.1; the Extended Package for Mobile Device Management Agents Version 3.0; the General Purpose Operating Systems Protection Profile/Mobile Device Fundamentals Protection Profile Extended Package (EP) Wireless Local Area Network (WLAN) Client Version 1.0.
Apple iPad and iPhone Mobile Devices with iOS 11.2 PP_MD_V3.1, EP_MDM_AGENT_V3.0, PP_WLAN_CLI_EP_V1.0
The Apple iPad and iPhone Mobile Devices with iOS 11.2 PP_MD_V3.1, EP_MDM_AGENT_V3.0, & PP_WLAN_CLI_EP_V1.0 Common Criteria Guide document satisfies all of the security functional requirements stated in the Apple iPad and iPhone Mobile Devices with iOS 11.2 PP_MD_V3.1, EP_MDM_AGENT_V3.0, & PP_WLAN_CLI_EP_V1.0 Security Target. The project underwent CCEVS Validator review. The evaluation was completed in March, 2018. Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report number CCEVS-VR-VID10851-2018, prepared by CCEVS.
The TOE provides cryptographic services for the encryption of data-at rest, for secure communication channels, and for use by applications. In addition, the TOE implements a number of cryptographic protocols that can be used to establish a trusted channel to other IT entities.
As noted in the Security Target, section 184.108.40.206 the TOE provides cryptographic services via the following cryptographic modules.
· The Apple iOS CoreCrypto Kernel Module v8 for ARM
· The Apple iOS CoreCrypto Module v8 for ARM
Identification and Authentication
Except for making emergency calls, using the cameras, and using the flashlight, users need to authenticate using a password or a biometric (fingerprint or face). On power up, or after an update of iOS the user is required to use the password authentication mechanism. This password can be configured for a minimum length, for dedicated password policies and for a maximum life time. When entered, passwords are obscured and the frequency of entering passwords is limited as well as the number of consecutive failed attempts of entering the password. The TOE also enters a locked state after a (configurable) time of user inactivity and the user is required either to enter his password or use biometric authentication (fingerprint or face) to unlock the TOE.
External entities connecting to the TOE via a secure protocol (Extensible Authentication Protocol Transport Layer Security (EAP-TLS), TLS, IPsec) can be authenticated using X.509 certificates.
User Data Protection
User data in files is protected using cryptographic functions, ensuring this data remains protected even if the device gets lost or is stolen. Critical data like passwords used by applications or application defined cryptographic keys can be stored in the key chain, which provides additional protection. Password protection and encryption ensure that data-at-rest remains protected even in the case the device is lost or stolen.
The Secure Enclave Processor (SEP), a separate CPU that executes a stand-alone operating system and has separate memory, provides protection for critical security data such as keys.
Data can also be protected such that only the application that owns the data can access it.
The security functions listed in the Security Target can be managed either by the user or by an authorized administrator through a Mobile Device Management (MDM) system. The Security Target identifies the functions that can be managed and indicates, if the management can be performed by the user, by the authorized administrator, or both.
TOE Security Functionality (TSF) Protection
Some of the functions the TOE implements to protect the TSF and TSF data are:
· Protection of cryptographic keys—keys used for TOE internal key wrapping and for the protection of data-at-rest are not exportable. There are provisions for fast and secure wiping of key material.
· Use of memory protection and processor states to separate applications and protect the TSF from unauthorized access to TSF resources—in addition, each device includes a separate system called the "Secure Enclave Processor” (SEP) which is the only system that can use the Root Encryption Key (REK). The SEP is a separate CPU that executes a stand-alone operating system and has separate memory.
· Digital signature protection of the TSF image—all updates to the TSF need to be digitally signed.
· Software/firmware integrity self-test upon start-up—the TOE will not go operational when this test fails.
· Digital signature verification for applications.
· Access to defined TSF data and TSF services only when the TOE is unlocked.
The TSF provides functions to lock the TOE upon request and after an administrator-configurable time of inactivity.
Access to the TOE via a wireless network is controlled by user/administrator defined policy.
The TOE supports the use of the following cryptographic protocols that define a trusted channel between itself and another trusted IT product:
· IEEE 802.11-2012
· IEEE 802.1X
· IPsec (addressed in a separate evaluation)
The TOE provides the ability for responses to be sent from the MDM Device Agent to the MDM Server. These responses are configurable by the organization using a scripting language given in the Over-the-Air Profile Delivery and Configuration document.Evaluated Configuration
Table 1. Devices Covered by the Evaluation
1 (669) 227-3579