NIAP: U.S. Government Approved Protection Profile - Protection Profile for Mobile Device Management Version 4.0

NIAP Oversees Evaluations of Commercial IT Products for Use in National Security Systems
Questions?  We're here to help
  NIAP  »»  Protection Profiles  »»  Approved PPs  »»  Details  
U.S. Government Approved Protection Profile - Protection Profile for Mobile Device Management Version 4.0

Short Name: pp_mdm_v4.0

Technology Type: Mobility

CC Version: 3.1

Date: 2019.04.25

Preceded By: pp_mdm_v3.0

Conformance Claim: None

Protection Profile

Protection Profile [PDF]

Control Mapping [PDF]



The MDM Server is software (an application, service, etc.) on a general-purpose platform, a network device, or cloud architecture executing in a trusted network environment. The MDM Server provides administration of the mobile device policies and reporting on mobile device behavior. The MDM Server is responsible for managing device enrollment, configuring and sending policies to the MDM Agents, collecting reports on device status, and sending commands to the Agents. The MDM Server may be standalone or distributed, where a distributed TOE is one that requires multiple distinct components to operate as a logical whole in order to fulfill the requirements of this PP.

The MDM Agent establishes a secure connection back to the MDM Server controlled by an enterprise administrator and configures the mobile device per the administrator's policies. The MDM Agent is addressed in the PP-Module for MDM Agent. If the MDM Agent is installed on a mobile device as an application developed by the MDM developer, it extends this PP and is included in the TOE. In this case, the TOE security functionality specified in this PP must be addressed by the MDM Agent in addition to the MDM Server. Otherwise, the MDM Agent is provided by the mobile device vendor and is out of scope of this PP; however, MDMs are required to indicate the mobile platforms supported by the MDM Server and must be tested against the native MDM agent of those platforms.

The Mobile Application Store (MAS) hosts applications for the enterprise, authenticates Agents, and securely transmits applications to enrolled mobile devices.The MAS functionality can be included as part of the MDM Server Software or can be logically distinct. If the MAS functionality is on a physically separate server, then the TOE is distributed with the MDM Server and MAS Server being separate components.

Assigned to the following Validated Products

Active Related Technical Decisions

Archived Related Technical Decisions

Please forward any Protection Profile specific comments to the applicable Technical Rapid Response Team (TRRT).

Please forward any general questions to our Q&A tool.

Site Map              Contact Us              Home