[Fed-Talk] [Explained] iOS 12 CCC — A7
[Fed-Talk] [Explained] iOS 12 CCC — A7
- Subject: [Fed-Talk] [Explained] iOS 12 CCC — A7
- From: "Shawn A. Geddis" <email@hidden>
- Date: Wed, 27 Mar 2019 14:51:11 -0700
Common Criteria Certification Interested Communities,
Apple Inc.’s Platform Security Certifications Program wanted to address a
question several have asked and you may be asking yourself.
Question:
Why aren’t the A7 based devices included in the iOS 12 Common Criteria
Certification even though they are supported by iOS 12?
Answer:
The WLAN core incorporated into all A7 based iOS devices predates the
requirements for a NIST CAVP/CMVP certificate for the AES-CCM implementation
used in 802.11 products. A7 based devices were released five years ago (2013
- 2014) and the requirement was put into place on 19 November 2014 — NIAP
Policy Letter #23. All A7 based devices had been Wi-Fi CERTIFIEDTM by the
Wi-Fi Alliance®. The A7 based devices were evaluated against and found to be
fully compliant, without question, with the MDF PP and WLAN EP for iOS 9, iOS
10 and iOS 11. It is simply that there is no NIST CAVP/CMVP certificate which
can be obtained for these cores that prevents their inclusion from the VID10937
Certification for iOS 12.
On 19 November 2014, NIAP issued the following Policy Letter (with brief
snippets for reference)
NIAP Policy Letter #23
https://www.niap-ccevs.org/Documents_and_Guidance/ccevs/archived/policy-ltr-23.pdf
<https://www.niap-ccevs.org/Documents_and_Guidance/ccevs/archived/policy-ltr-23.pdf>
Which reads (in part):
PURPOSE: This policy specifies an interim approach for IEEE 802.11-2012
wireless products to be compliant with the NIAP Wireless Local Area Network
(WLAN) Client PP and the NIAP Mobile Device Fundamentals PP.
POLICY: All products using a wireless chipset submitted to NIAP CCEVS for
evaluation against the NIAP WLAN Client PP or the NIAP Mobile Device
Fundamentals PP on or after 1 January 2016 must provide a valid NIST
certificate reference for AES- CCM used in CCMP. For products submitted prior
to 1 January 2016, if the AES-CCM used in IEEE 802.11-2012 applications does
not have a NIST CAVP certificate, the product must implement Wi-Fi Protected
Access® 2 (WPA2) Enterprise and be Wi-Fi CERTIFIEDTM by the Wi-Fi Alliance®.
The Security Target must include a statement to this effect, which is to be
verified by the CCTL during the evaluation.
EFFECTIVE DATE: All relevant evaluations submitted to NIAP on or after 1
January 2016 must have a NIST CAVP/CMVP certificate demonstrating AES-CCM
compliance.
Impact:
NIAP is enforcing a requirement they have had in place since January 1, 2016.
The following devices are unable to be included and do not appear in Table 1:
Devices Covered by the Evaluation for VID10937.
iPhone 5s A1518, A1528, A1530, A1533, A1453, A1457
iPad Air A1474, A1475, A1476
iPad mini 3 A1599, A1600, A1601
iPad mini 2 A1489, A1490, A1491
We hope this information and transparency is helpful in your planning and
deploying of Apple certified platforms.
brought to you by the…
Apple Platform Security Certifications Program
email@hidden <mailto:email@hidden>
Attachment:
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden