Compliant Product - Apple iOS 16: iPhones
Certificate Date:
2023.10.10
CC Certificate
Security Target
Validation Report
Validation Report Number: CCEVS-VR-VID11349-2023 Product Type: Virtual Private Network Mobility Biometrics Conformance Claim: Protection Profile Compliant PP Identifier: PP-Module for Bluetooth Version 1.0 collaborative Protection Profile Module for Biometric enrolment and verification - for unlocking the device v1.1 PP-Module for MDM Agent Version 1.0 PP-Module for VPN Client, Version 2.4 PP-Module for Wireless Local Area Network (WLAN) Client Version 1.0 Functional Package for TLS Version 1.1 Protection Profile for Mobile Device Fundamentals Version 3.3 CC Testing Lab: atsec information security corporation Assurance Activity Administrative Guide
Product Description
The Target of Evaluation (TOE) is Apple iOS 16: iPhones, which is a series of Apple iPhone mobile devices running the iOS 16 operating system, a Mobile Device Management (MDM) Agent, VPN client, and WLAN client components, which are included on the mobile devices. The TOE operating system manages the device hardware, provides MDM Agent functionality, and provides the technologies required to implement native applications. It provides a built-in MDM framework application programmer interface (API), giving management features that may be utilized by external MDM solutions, allowing enterprises to use profiles to control some of the device settings. The TOE operating system provides a consistent set of capabilities allowing the supervision of enrolled devices. This includes the preparation of devices for deployment, the subsequent management of the devices, and the termination of management.
Evaluated Configuration
Devices Covered by the Evaluation
Security Evaluation Summary
The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) process. The criteria against which the Apple iOS 16: iPhones was judged are described in the Common Criteria for Information Technology Security Evaluation, Version 3.1 R5. The evaluation methodology used by the evaluation team to conduct the evaluation was the Common Methodology for Information Technology Security Evaluation, Version 3.1, R5 supplemented by that found in the Protection Profiles cited above. The product, when delivered and configured as identified in the Apple iOS 16: iPhones and Apple iPadOS 16: iPads Common Criteria Configuration Guide, meets the requirements of the PP-Configuration for Mobile Device Fundamentals, Biometric enrollment and verification – for unlocking the device, Bluetooth, MDM Agents, Virtual Private Network (VPN) Clients, and WLAN Clients, Version 1.0; and the Functional Package for TLS Version 1.1. The evaluation was completed in October 2023. Apple iOS 16: iPhonesThe Apple iOS 16: iPhones and Apple iPadOS 16: iPads Common Criteria Configuration Guide document satisfies all of the security functional requirements stated in the Apple iOS 16: iPhones Security Target, version 1.1. The evaluation was subject to CCEVS Validator review. Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report number CCEVS-VR-VID11349-2023, prepared by CCEVS.
Environmental Strengths
Cryptographic SupportThe TOE provides cryptographic services via the following cryptographic modules for the encryption of data at rest, for secure communication channels, and for use by applications. In addition, the TOE implements a number of cryptographic protocols that can be used to establish a trusted channel to other IT entities. · Apple corecrypto Module v13.0 [Apple ARM, User, Software, SL1] · Apple corecrypto Module v13.0 [Apple ARM, Kernel, Software, SL1] · Apple corecrypto Module v13.0 [Apple ARM, Secure Key Store, Hardware, SL2] Identification and AuthenticationExcept for accessing Medical ID information, answering calls, making emergency calls, using the cameras (unless their use is generally disallowed), using the control center, using the flashlight, using the notification center, users need to authenticate using a passcode or a biometric (fingerprint or face). The user is required to use the passcode authentication mechanism under the following conditions. · Turn on or restart the device · Press the Home button or swipe up to unlock your device (configurable) · Update software · Erase the device · View or change passcode settings (including biometric enrollment) · Install iOS Configuration Profiles The passcode can be configured for a minimum length, for dedicated passcode policies, and for a maximum lifetime. When entered, passcodes are obscured and the frequency of entering passcodes is limited as well as the number of consecutive failed attempts of entering the passcode. The TOE also enters a locked state after a (configurable) time of user inactivity and the user is required to either enter his passcode or use biometric authentication (fingerprint or face) to unlock the TOE External entities connecting to the TOE via a secure protocol (e.g., Transport Layer Security (TLS), Extensible Authentication Protocol Transport Layer Security (EAP-TLS), IPsec) can be authenticated using X.509 certificates. Security ManagementThe security functions listed in the Security Target can be managed either by the user or by an authorized administrator through a Mobile Device Management (MDM) system. The Security Target identifies the functions that can be managed and indicates if the management can be performed by the user, by the authorized administrator, or both. TOE Security Functionality (TSF) ProtectionSome of the functions the TOE implements to protect the TSF and TSF data are: · Protection of cryptographic keys—keys used for TOE internal key wrapping and for the protection of data at rest are not exportable. There are provisions for fast and secure wiping of key material · Use of memory protection and processor states to separate apps and protect the TSF from unauthorized access to TSF resources—in addition, each device includes a separate system called the SEP which is the only system that can use the Root Encryption Key (REK). The SEP is a separate CPU that executes a stand-alone operating system and has separate memory. · Digital signature protection of the TSF image—all updates to the TSF need to be digitally signed · Software/firmware integrity self-test upon start-up—the TOE will not go operational when this test fails. · Digital signature verification for apps · Access to defined TSF data and TSF services only when the TOE is unlocked TOE AccessThe TSF provides functions to lock the TOE upon request and after an administrator-configurable time of inactivity. Access to the TOE via a wireless network is controlled by user/administrator-defined policy. Trusted Path/ChannelsThe TOE supports the use of the following cryptographic protocols that define a trusted channel between itself and another trusted IT product: · IEEE 802.11-2012 · IEEE 802.11ac-2013 (a.k.a. Wi-Fi 5) · IEEE 802.11ax (a.k.a. Wi-Fi 6) · IEEE 802.1X · EAP-TLS (v1.1, v1.2) · TLS (1.2) · IPsec · Bluetooth (v5.0, v5.3) Security AuditThe TOE provides the ability for responses to be sent from the MDM Device Agent to the MDM Server. These responses are configurable by the organization. Vendor InformationApple Inc. Nina Kominiak +1 907 227 9672 security-certifications@apple.com https://support.apple.com/guide/certifications/welcome/web |