Compliant Product - Samsung SDS EMM v2.2.5
Certificate Date: 2020.01.27CC Certificate Security Target * Validation Report
Validation Report Number: CCEVS-VR-VID11013-2020
Product Type: Mobility
Conformance Claim: Protection Profile Compliant
PP Identifier: PP-Module for MDM Agent Version 1.0
Functional Package for TLS Version 1.1
Protection Profile for Mobile Device Management Version 4.0
CC Testing Lab: Gossamer Security Solutions
* This is the Security Target (ST) associated with the latest Maintenance Release. To view previous STs for this TOE, click here.
The Target of Evaluation (TOE) is Samsung SDS EMM and EMM Agent for Android version 2.2.5.
The SDS EMM provides centralized management of mobile devices and the EMM Agent for Android (installed on each device) enforces the policies of the Server on each device.
Samsung SDS offers the EMM as a software installation for Java 1.8 and Tomcat 9.0 running on the Microsoft Windows Server 2012 R2 or Windows Server 2016 operating system. Once installed, the EMM allows administrators to configure policies for devices. Administrators connect securely to the EMM using a web browser (whether local to the Server itself or remote) and through the EMM’s web interface can enroll, audit, lock, unlock, manage, and set policies for enrolled mobile devices. The EMM includes the RSA Crypto-J 6.2 cryptographic module as part of its software, and the EMM’s Microsoft Windows platform includes SQL server 2008-2016 and a Microsoft CA certificate authority.
Note that one can install multiple EMM systems in order to allow the overall solution to scale the supported number of mobile devices as a High Availability (HA) option. In this case, the multiple EMM systems can operate concurrently and with the same policies and other information by sharing the same SQL database.
Samsung SDS provides the EMM Agent for Android software for evaluated Samsung mobile devices. The EMM Agent software, once installed and enrolled with the EMM, will apply and enforce administrator configured policies communicated through the EMM to the Agents running on the mobile devices. The scope of supported EMM Agent for Android devices for the evaluation will be limited by the set of devices evaluated on the NIAP PCL.
The product, when delivered and configured as identified in the Samsung SDS EMM Installation Guide, Solution Version 2.2.5, January 2020, Samsung SDS EMM Configuration Guide for IPsec settings in Microsoft Windows Server 2016 for Common Criteria Evaluation, Version 2.2.5, January 2020, and Samsung SDS EMM Administrator’s Guide, Solution Version 2.2.5, January 2020, satisfies all of the security functional requirements stated in the Samsung SDS Co. Ltd. EMM and EMM Agent for Android Security Target, Version 0.9, 27 January 2020. The project underwent CCEVS Validator review. The evaluation was completed in January 2020. Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report (report number CCEVS-VR-VID11013-2020) prepared by CCEVS.
Security Evaluation Summary
The evaluation was carried out in accordance to the Common Criteria Evaluation and Validation Scheme (CCEVS) requirements and guidance. The evaluation demonstrated that the TOE meets the security requirements contained in the Security Target. The criteria against which the TOE was judged are described in the Common Criteria for Information Technology Security Evaluation, Version 3.1, Revision 5, April 2017. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Evaluation Methodology, Version 3.1, Revision 5, April 2017.
The logical boundaries of the EMM and EMM Agent for Android are realized in the security functions that it implements. Each of these security functions is summarized below.
Security audit: The EMM Server can generate and store audit records for security-relevant events as they occur. These events are stored and protected by the EMM Server and can be reviewed by an authorized administrator. The EMM Server can export the majority of audit events directly through the HTTPS protected GUI in a CSV format. Some low-level events are maintained in text files on the TOE platform and can be exported via RDP using the TOE platform. In both cases, the EMM Server protects the exported audit records using TLS (as part of HTTPS and RDP). The EMM Server also supports the ability to query information about MDM agents and export MDM configuration information.
The EMM Agent includes the ability to indicate (i.e., respond) to the EMM Server when it has been enrolled and when it applies policies successfully. The EMM Server can be configured to alert an administrator based on its configuration. For example, it can be configured to alert the administrator when a policy update fails or an MDM Agent has been enrolled.
Cryptographic support: The EMM Server and EMM Agent both include or have access to cryptographic modules with Cryptographic Algorithm Validation Program (CAVP) certified algorithms for a wide range of cryptographic functions including: asymmetric key generation and establishment, encryption/decryption, and cryptographic hashing and keyed-hash message authentication. These functions are supported with suitable random bit generation, initialization vector generation, secure key storage, and key and protected data destruction.
The primitive cryptographic functions are used to implement security communication protocols (TLS and HTTPS) used for communication between the Server and Agent and between the Server and remote administrators.
Identification and authentication: The EMM Server authenticates mobile device users (MD users) and administrators prior to allowing those operators to perform any functions. This includes MD users enrolling their device with the EMM Server using the EMM Agent as well as an administrator logging on to manage the EMM Server configuration, MDM policies for mobile devices, etc.
In addition, both the EMM Server and EMM Agent utilize X.509 certificates, including certificate validation checking, in conjunction with TLS to secure communications between the EMM Server and EMM Agents as well as between the EMM Server and administrators using a web-based user interface for remote administrative access.
Security management: The EMM is designed with two distinct user roles: administrator and mobile device user (MD user). The former interacts directly with the EMM through HTTPS (using a browser) while the latter is the user of a mobile device with the EMM Agent installed.
The EMM provides all the function necessary to manage its own security functions as well as to manage mobile device policies that are sent to EMM Agents. In addition, the EMM ensures that security management functions are limited to authorized administrators while allowing MD users to perform only necessary functions such as enrolling with the EMM.
The EMM Agents provide the functions necessary to securely communicate and enroll with the EMM, apply policies received from the EMM, and report the results of applying policies.
Protection of the TSF: The EMM and Agent work together to ensure that all security related communication between the server and agent components is protected from disclosure and modification.
Both the EMM and Agent include self-testing capabilities to ensure that they are functioning properly as well as to cryptographically verify that their executable images have not been corrupted.
The EMM also includes mechanisms (i.e., verification of the digital signature of each new image) so that the TOE itself can be updated while ensuring that the updates will not introduce malicious or other unexpected changes in the TOE.
TOE access: The MDM Server has the capability to display an advisory banner when users attempt to login in order to manage the TOE.
Trusted path/channels: The EMM uses TLS/HTTPS to secure communication channels between its distributed components and remote administrators accessing the Server via a web-based user interface.
It also uses TLS to secure communication channels between itself and mobile device users (MD users). In this latter case, the protected communication channel is established between the EMM and EMM Agent.
Samsung SDS Co., LTD.