Compliant Product - Apple macOS 11 Big Sur: Contacts
Certificate Date: 2022.02.28
Validation Report Number: CCEVS-VR-VID11243-2022
Product Type: Application Software
Conformance Claim: Protection Profile Compliant
PP Identifier: Protection Profile for Application Software Version 1.3
CC Testing Lab: Acumen Security
The TOE is the Apple Contacts application running on Apple macOS 11 Big Sur. Contacts allows a user to access and edit contacts from personal, business, and other accounts.
Contacts is a first-party app, bundled with Apple macOS 11 Big Sur. Users can add contacts manually and/or contacts can be securely synchronized with an external server.
The TOE is version 13.0 of the Apple Contacts application running on Apple macOS 11 Big Sur. The TOE was tested on version 11.4 of Apple macOS 11 Big Sur.
Security Evaluation Summary
The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) processes and procedures. The criteria against which the Apple macOS 11 Big Sur: Contacts was evaluated are described in the Common Criteria for Information Technology Security Evaluation, Version 3.1 Revision 5. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 3.1 Revision 5. The product, when delivered configured as identified in the Apple macOS 11 Big Sur: Contacts Common Criteria Configuration Guide V1.0, dated January 2022, satisfies all of the security functional requirements stated in the Apple macOS 11 Big Sur: Contacts Security Target V1.2, dated February 2022. The project underwent CCEVS Validator review. The evaluation was completed in February 2022. Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report, CCEVS-VR-VID11243-2022, prepared by CCEVS.
The TOE platform provides HTTPS/TLS functionality to securely communicate with trusted entities. The TOE does not directly perform any cryptographic functions.
User Data Protection
The TOE utilizes network and address book access. The TOE uses the camera and photos library to associate pictures with contacts.
Identification and Authentication
The TOE uses platform-provided X.509 certificate validation functions to verify the validity and revocation status of HTTPS/TLS server certificates.
The TOE provides the user with the ability to add, delete, and enable/disable accounts.
The TOE does not request any personal identifying information (PII) with the intent to transmit the data over the network. However, the TOE will transmit contact information at the request of the user.
Protection of the TSF
The TOE is compatible with all platform-provided security features such as ASLR and application sandboxing. The TOE is compiled with stack-based overflow protections and does not include any third-party libraries. The TOE platform also verifies all software updates have valid digital signatures prior to installing the updates.
The TOE can establish protected communications using platform-provided TLS/HTTPS.