Re: [Fed-Talk] how to deploy an iOS CSfC solution
Re: [Fed-Talk] how to deploy an iOS CSfC solution
- Subject: Re: [Fed-Talk] how to deploy an iOS CSfC solution
- From: "Shawn A. Geddis via Fed-talk" <email@hidden>
- Date: Tue, 08 Oct 2019 13:21:36 -0700
Jonathan,
> https://www.niap-ccevs.org/Product/Maint.cfm?AMID=1445&PID=10937
> Makes reference to iOS 12.1.4 and 12.2 but without re-evaluation.
Ironically, you provided the link to the answer to your own question. :-)
Assurance Continuity - Apple iPad and iPhone Mobile Devices with iOS 12
Assurance Continuity Maintenance Report Link is on that very page —>
CCEVS APPROVED ASSURANCE CONTINUITY MAINTENANCE REPORT
https://www.niap-ccevs.org/MMO/ProductAM/st_vid10937-add1.pd
If you are unfamiliar with Assurance Continuity, here is NIAP’s reference for
you:
Assurance Continuity: Guidance for Maintenance and Re-evaluation
https://www.niap-ccevs.org/Documents_and_Guidance/ccevs/scheme-pub-6.pdf
> Yes, the latest should be the most secure but it hasn't been through the CSfC
> evaluation process which I think will take it off the list of consideration
> to many security officials.
Check and I believe you will find it doesn’t. By the way, it is not a separate
CSfC Evaluation, but rather a Common Criteria Evaluation with specific
requirements on claims called “CSfC Selections” — example of those for MDF -
https://www.nsa.gov/Portals/70/documents/resources/everyone/csfc/capability-packages/CSfC Selections for End User Devices and Mobile Platform_Nov 2018.pdf?ver=2018-11-29-092200-213.
iOS 13 and iPadOS 13 are already underway towards certification.
- Shawn
_____________________________
Shawn Geddis
Security and Certifications Engineer
Platform Security / SEAR
> On Sep 10, 2019, at 8:28 PM, Jonathan Hess via Fed-talk
> <email@hidden> wrote:
>
> Any advice on how to deploy an iOS based CSfC solution on newly acquired
> hardware when Apple no longer signs versions listed as having CSfC
> evaluations / certifications?
>
> https://www.niap-ccevs.org/Product/Compliant.cfm?PID=10937
>
> References iOS 12.
>
> https://www.niap-ccevs.org/Product/Maint.cfm?AMID=1445&PID=10937
>
> Makes reference to iOS 12.1.4 and 12.2 but without re-evaluation.
>
> According to:
>
> https://ipsw.me/iPhone11,2
>
> The oldest version of iOS that Apple still signs is 12.4. To my
> understanding, this means I can't install an older version of iOS that is
> CSfC listed on newly purchased hardware.
>
> Yes, the latest should be the most secure but it hasn't been through the CSfC
> evaluation process which I think will take it off the list of consideration
> to many security officials.
>
> Thanks,
> Jonathan Hess
> _______________________________________________
> Do not post admin requests to the list. They will be ignored.
> Fed-talk mailing list (email@hidden)
> Help/Unsubscribe/Update your Subscription:
>
> This email sent to email@hidden
Attachment:
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden