National Information Assurance Partnership
Common Criteria Evaluation and Validation Scheme
Validation Report
MobileIron Platform Version 10
Report Number: CCEVS-VR-10934-2019
Dated: 02/22/2019
Version: 0.3
National Institute of Standards and Technology National Security Agency
Information Technology Laboratory Information Assurance Directorate
100 Bureau Drive 9800 Savage Road STE 6940
Gaithersburg, MD 20899 Fort George G. Meade, MD 20755-6940
MobileIron Platform Validation Report Version 0.3, 02/22/2019
ii
ACKNOWLEDGEMENTS
Validation Team
Kenneth Elliot
The Aerospace Corporation
Lisa Mitchell
Michelle Carlson
John Butterworth
Stelios Melachrinoudis
The MITRE Corporation
Common Criteria Testing Laboratory
Raymond Smoley
Catherine Sykes
John Messiha
Gossamer Security Solutions, Inc.
Catonsville, MD
MobileIron Platform Validation Report Version 0.3, 02/22/2019
iii
Table of Contents
Contents
1 Executive Summary.................................................................................................... 1
2 Identification............................................................................................................... 1
3 Architectural Information ........................................................................................... 3
3.1 TOE Evaluated Configuration ............................................................................ 4
3.2 TOE Architecture................................................................................................ 4
3.3 Physical Boundaries............................................................................................ 4
4 Security Policy............................................................................................................ 5
4.1 Security audit ...................................................................................................... 5
4.2 Cryptographic support ........................................................................................ 5
4.3 Identification and authentication......................................................................... 6
4.4 Security management.......................................................................................... 6
4.5 Protection of the TSF.......................................................................................... 6
4.6 TOE access.......................................................................................................... 7
4.7 Trusted path/channels ......................................................................................... 7
5 Assumptions & Clarification of Scope ....................................................................... 7
6 Documentation............................................................................................................ 8
7 IT Product Testing ...................................................................................................... 8
7.1 Developer Testing............................................................................................... 8
7.2 Evaluation Team Independent Testing ............................................................... 8
8 Evaluated Configuration ............................................................................................. 9
9 Results of the Evaluation ............................................................................................ 9
9.1 Evaluation of the Security Target (ASE).......................................................... 10
9.2 Evaluation of the Development (ADV)............................................................ 10
9.3 Evaluation of the Guidance Documents (AGD) ............................................... 10
9.4 Evaluation of the Life Cycle Support Activities (ALC) ................................... 10
9.5 Evaluation of the Test Documentation and the Test Activity (ATE) ............... 11
9.6 Vulnerability Assessment Activity (VAN)....................................................... 11
9.7 Summary of Evaluation Results........................................................................ 11
10 Validator Comments/Recommendations .................................................................. 12
11 Annexes..................................................................................................................... 12
12 Security Target.......................................................................................................... 12
13 Glossary .................................................................................................................... 12
14 Bibliography ............................................................................................................. 13
MobileIron Platform Validation Report Version 0.3, 02/22/2019
1
1 Executive Summary
This report documents the assessment of the National Information Assurance Partnership
(NIAP) validation team of the evaluation of MobileIron Platform solution provided by
MobileIron. It presents the evaluation results, their justifications, and the conformance
results. This Validation Report is not an endorsement of the Target of Evaluation by any
agency of the U.S. government, and no warranty is either expressed or implied.
The evaluation was performed by the Gossamer Security Solutions (Gossamer) Common
Criteria Testing Laboratory (CCTL) in Catonsville, MD, United States of America, and was
completed in February 2019. The information in this report is largely derived from the
Evaluation Technical Report (ETR) and associated test reports, all written by Gossamer
Security Solutions. The evaluation determined that the product is both Common Criteria
Part 2 Extended and Part 3 Conformant, and meets the assurance requirements of the
Protection Profile for Mobile Device Management, Version 3.0, 21 November 2016 with
Extended Package for Mobile Device Management Agents, Version 3.0, 21 November 2016.
The Target of Evaluation (TOE) is the MobileIron Platform Version 10.
The Target of Evaluation (TOE) identified in this Validation Report has been evaluated at a
NIAP approved Common Criteria Testing Laboratory using the Common Methodology for
IT Security Evaluation (Version 3.1, Rev 5) for conformance to the Common Criteria for IT
Security Evaluation (Version 3.1, Rev 5). This Validation Report applies only to the specific
version of the TOE as evaluated. The evaluation has been conducted in accordance with the
provisions of the NIAP Common Criteria Evaluation and Validation Scheme and the
conclusions of the testing laboratory in the evaluation technical report are consistent with the
evidence provided.
The validation team monitored the activities of the evaluation team, provided guidance on
technical issues and evaluation processes, and reviewed the individual work units and
successive versions of the ETR. The validation team found that the evaluation showed that
the product satisfies all of the functional requirements and assurance requirements stated in
the Security Target (ST). Therefore, the validation team concludes that the testing
laboratory’s findings are accurate, the conclusions justified, and the conformance results are
correct. The conclusions of the testing laboratory in the evaluation technical report are
consistent with the evidence produced.
The technical information included in this report was obtained from the MobileIron Platform
(MDMPP30 and MDMAEP30) Security Target, version 0.8, 01/04/2019 and analysis
performed by the Validation Team.
2 Identification
The CCEVS is a joint National Security Agency (NSA) and National Institute of Standards
and Technology (NIST) effort to establish commercial facilities to perform trusted product
evaluations. Under this program, security evaluations are conducted by commercial testing
laboratories called Common Criteria Testing Laboratories (CCTLs) using the Common
MobileIron Platform Validation Report Version 0.3, 02/22/2019
2
Evaluation Methodology (CEM) in accordance with National Voluntary Laboratory
Assessment Program (NVLAP) accreditation.
The NIAP Validation Body assigns Validators to monitor the CCTLs to ensure quality and
consistency across evaluations. Developers of information technology products desiring a
security evaluation contract with a CCTL and pay a fee for their product’s evaluation. Upon
successful completion of the evaluation, the product is added to NIAP’s Validated Products
List.
Table 1 provides information needed to completely identify the product, including:
 The Target of Evaluation (TOE): the fully qualified identifier of the product as evaluated.
 The Security Target (ST), describing the security features, claims, and assurances of the
product.
 The conformance result of the evaluation.
 The Protection Profile to which the product is conformant.
 The organizations and individuals participating in the evaluation.
Table 1: Evaluation Identifiers
Item Identifier
Evaluation Scheme United States NIAP Common Criteria Evaluation and Validation Scheme
TOE MobileIron Platform Version 10
Protection Profile (Specific models identified in Section 8)
Protection Profile for Mobile Device Management, Version 3.0, 21 November
2016 with Extended Package for Mobile Device Management Agents, Version
3.0, 21 November 2016
ST MobileIron Platform (MDMPP30 and MDMAEP30) Security Target, version 0.8,
01/04/2019
Evaluation Technical
Report
Evaluation Technical Report for MobileIron Platform Version 10, version 0.2,
01/08/2019
CC Version Common Criteria for Information Technology Security Evaluation, Version 3.1,
Rev 5
Conformance Result CC Part 2 extended, CC Part 3 conformant
Sponsor MobileIron
Developer MobileIron
Common Criteria
Testing Lab (CCTL)
Gossamer Security Solutions, Inc.
Catonsville, MD
CCEVS Validators
MobileIron Platform Validation Report Version 0.3, 02/22/2019
3
3 Architectural Information
Note: The following architectural description is based on the description presented in the
Security Target.
The TOE is an MDM solution where the claimed security functions are implemented in a
central MDM server – MobileIron Core (deployed as a physical appliance or a VM), and
associated MDM Agents – Mobile@Work for Android devices.
The MobileIron Core server also supports enrollment and the subsequent management of
Apple iPad and iPhone Mobile Devices with iOS 11.2, however, there are no security
functions claimed for the iOS device agent itself. The iOS MDM agent has already been
evaluated on Apple iPad and iPhone Mobile Devices with iOS 11.2 (NIAP VID 10851).
MobileIron Core integrates with backend enterprise IT systems and enables IT to define
security and management policies for mobile apps, content and devices independent of the
operating system. MobileIron Core enables mobile device (including both Android and iOS
mobile devices), application, and content management.
 Mobile device management capabilities are the primary focus of this evaluation and
enable IT to securely manage mobile devices across mobile operating systems and
provide secure corporate email, automatic device configuration, certificate-based
security, and selective wiping of enterprise data from both corporate-owned as well
as user-owned devices.
 Mobile application management capabilities are a secondary focus of this evaluation
and help IT manage the entire application lifecycle, from making the applications
available in the enterprise app storefront, facilitating deployment of applications to
mobile devices, and retiring applications as necessary. Note that this capability is
referred to as MAS – Mobile Application Store.
 Mobile content management functions are included in the MobileIron Platform, but
no claims are made about those capabilities in the Security Target.
MobileIron Client– also known as Mobile@Work for Android – is an app downloaded by
end users onto their mobile devices. It configures the device to function in an enterprise
environment by enforcing the configuration and security policies set by the IT department.
Once installed, it creates a secure MobileIron container to protect enterprise data and
applications.
 The MobileIron Client works with MobileIron Core to configure corporate email,
Wi-Fi, VPN, and security certificates and to create a clear separation between
personal and business information. This allows IT to selectively wipe only the
enterprise data on the device if the user leaves or if the device falls out of compliance
or is lost.
 The MobileIron Client also enables additional enterprise device controls that are not
subject to security claims and hence are outside the scope of this evaluation.
MobileIron Platform Validation Report Version 0.3, 02/22/2019
4
3.1 TOE Evaluated Configuration
Detail regarding the evaluated configuration is provided in Section 8 below.
3.2 TOE Architecture
The TOE is the MobileIron Platform composed of the following components:
 MobileIron Core, Version 10.0.1.0
 MobileIron Client – Mobile@Work for Android, Version 10.0.1.0
MobileIron Core:
MobileIron Core is a server based on a CentOS 7.4 Linux operating system (OS) with Apache
2.4 (or later) that runs on an Intel x64 architecture server platform. MobileIron supports the
MobileIron Core operating on one physical server appliance that they distribute (Mobile Iron
M2600) as well as virtual deployments in VMWare ESXi (5.1, 5.5, or 6.0) and Microsoft
Hyper-V (Server 2008 R2 or Server 2012 R2).
MobileIron Client:
MobileIron Client consists of apps deployed on Android mobile devices.
**MobileIron Core can also manage devices with the iOS MDM agent developed and
evaluated by Apple Inc. – that agent has been evaluated on Apple iPad and iPhone Mobile
Devices with iOS 11.2 (NIAP VID 10851).
3.3 Physical Boundaries
The TOE is the MobileIron Platform composed of the following components:
 MobileIron Core, Version 10.0.1.0
 MobileIron Client – Mobile@Work for Android, Version 10.0.1.0
MobileIron Core:
MobileIron Core is a server based on a CentOS 7.4 Linux operating system (OS) with Apache
2.4 (or later) that runs on an Intel x64 architecture server platform. MobileIron supports the
MobileIron Core operating on one physical server appliance that they distribute (Mobile Iron
M2600) as well as virtual deployments in VMWare ESXi (5.1, 5.5, or 6.0) and Microsoft
Hyper-V (Server 2008 R2 or Server 2012 R2).
The MobileIron M2600 appliances running CentOS 7.4 are based on Intel Xeon E5 CPUs
and are part of the operating environment of the TOE (ie. Server Platform).
MobileIron Core can optionally be configured to utilize an external LDAP server via a secure
TLS channel to authenticate users. The LDAP server is part of the operating environment of
the TOE.
MobileIron Client:
MobileIron Client consists of Mobile@Work deployed on Android mobile devices. The
devices themselves are part of the operating environment (ie. TOE Platform).
MobileIron Platform Validation Report Version 0.3, 02/22/2019
5
The TOE may be accessed and managed through a web based interface for remote access
using a web browser.
4 Security Policy
This section summaries the security functionality of the TOE:
1. Security audit
2. Cryptographic support
3. Identification and authentication
4. Security management
5. Protection of the TSF
6. TOE access
7. Trusted path/channels
4.1 Security audit
The MDM Server can generate and store audit records for security-relevant events as they
occur. These events are stored and protected by the MDM Server and can be reviewed by an
authorized administrator. The MDM Server can be configured to export the audit records in
either in CSV (comma separated values) format, text format, or a compressed archive format
utilizing TLS for protection of the records on the network. The MDM Server also supports
the ability to query information about MDM agents and export MDM configuration
information.
The MDM Agent can generate audit records for security-relevant events and includes the
ability to indicate (i.e., respond) when it has been enrolled and when policies are successfully
applied to the MDM Agent. The MDM Server can be configured to alert an administrator
based on its configuration. For example, it can be configured to alert the administrator when
a policy update fails or an MDM Agent has been enrolled.
4.2 Cryptographic support
The MDM Server and MDM Agent both include and/or utilize cryptographic modules with
certified algorithms for a wide range of cryptographic functions including: asymmetric key
generation and establishment, encryption/decryption, cryptographic hashing and keyed-hash
message authentication. These functions are supported with suitable random bit generation,
initialization vector generation, secure key storage, and key and protected data destruction.
The primitive cryptographic functions are used to implement security communication
protocols: TLS and HTTPS used for communication between the MDM Server and MDM
Agent and between the MDM Server and remote administrators.
MobileIron Platform Validation Report Version 0.3, 02/22/2019
6
4.3 Identification and authentication
The MDM Server requires mobile device users (MD users) and administrators to be
authenticated prior to allowing any security-related functions to be performed. This includes
MD users enrolling their device in the MDM Server using a corresponding MDM Agent as
well as an administrator logging on to manage the MDM Server configuration, MDM
policies for mobile devices, etc.
In addition, both the MDM Server and MDM Agent utilize X.509 certificates, including
certificate validation checking, in conjunction with TLS to secure communications between
the MDM Server and MDM Agents as well as between the MDM Server and administrators
using a web-based user interface for remote administrative access.
4.4 Security management
The MDM Server is designed to include at least two distinct user roles: administrator and
mobile device user (MD user). The former interacts directly with the MDM Server while the
latter is the user of a mobile device hosting an MDM Agent. The MDM Server further
supports the fine-grain assignment of role (access to management function) to defined users
allowing the definition of multiple user and administrator roles with different capabilities
and responsibilities.
The MDM Server provides all the function necessary to manage its own security functions
as well as to manage mobile device policies that are sent to MDM Agents. In addition, the
MDM Server ensures that security management functions are limited to authorized
administrators while allowing MD users to perform only necessary functions such as
enrolling in the MDM Server.
The MDM Agents provide the functions necessary to securely communicate with and enroll
in a MDM Server, implement policies received from an enrolled MDM Server, and report
the results of applying policies.
4.5 Protection of the TSF
The MDM Server and MDM Agent work together to ensure that all security related
communication between those components is protected from disclosure and modification.
Both the MDM Server and MDM Agent include self-testing capabilities to ensure that they
are functioning properly. The MDM Server also has the ability to cryptographically verify
during start-up that its executable image has not been corrupted.
The MDM Server also includes mechanisms (i.e., verification of the digital signature of each
new image) so that the TOE itself can be updated while ensuring that the updates will not
introduce malicious or other unexpected changes in the TOE.
MobileIron Platform Validation Report Version 0.3, 02/22/2019
7
4.6 TOE access
The MDM Server has the capability to display an advisory banner when users attempt to
login in order to manage the TOE using the web-based and command-line based user
interfaces.
4.7 Trusted path/channels
The MDM Server uses TLS/HTTPS to secure communication channels between itself and
remote administrators accessing the TOE via a web-based user interface.
The MDM Server can optionally be configured to use TLS to communicate with an LDAP
server for user authentication.
It also uses TLS to secure communication channels between itself and mobile device users
(MD users). In this latter case, the protected communication channel is established between
the MDM Server and applicable MDM Agent on the user’s mobile device.
5 Assumptions & Clarification of Scope
Assumptions
The Security Problem Definition, including the assumptions, may be found in the following
documents:
 Protection Profile for Mobile Device Management, Version 3.0, 21 November 2016
with Extended Package for Mobile Device Management Agents, Version 3.0, 21
November 2016
That information has not been reproduced here and the MDMPP30/MDMAEP30 should be
consulted if there is interest in that material.
The scope of this evaluation was limited to the functionality and assurances covered in the
MDMPP30/MDMAEP30 as described for this TOE in the Security Target. Other
functionality included in the product was not assessed as part of this evaluation. All other
functionality provided by the devices needs to be assessed separately, and no further
conclusions can be drawn about their effectiveness.
Clarification of scope
All evaluations (and all products) have limitations, as well as potential misconceptions that
need clarification. This text covers some of the more important limitations and clarifications
of this evaluation. Note that:
 As with any evaluation, this evaluation only shows that the evaluated configuration
meets the security claims made with a certain level of assurance (the assurance
activities specified in the Protection Profile for Mobile Device Management, Extended
Package for Mobile Device Management Agents and performed by the evaluation team).
 This evaluation covers only the specific device models and software as identified in
this document, and not any earlier or later versions released or in process.
MobileIron Platform Validation Report Version 0.3, 02/22/2019
8
 This evaluation did not specifically search for, nor attempt to exploit, vulnerabilities
that were not “obvious” or vulnerabilities to objectives not claimed in the ST. The
CEM defines an “obvious” vulnerability as one that is easily exploited with a
minimum of understanding of the TOE, technical sophistication and resources.
 The functionality evaluated is scoped exclusively to the security functional
requirements specified in the MDMPP30/MDMAEP30 and applicable Technical
Decisions. Any additional security related functional capabilities of the TOE were
not covered by this evaluation.
6 Documentation
The following documents were available with the TOE for evaluation:
 MobileIron Core and Android and iOS Client Mobile Device Management Protection
Profile Guide, Version 1.1, January 10, 2019
7 IT Product Testing
This section describes the testing efforts of the developer and the Evaluation Team. It is
derived from information contained in the Assurance Activity Report
(MDMPP30/MDMAEP30) for MobileIron Platform, Version 0.2, 01/08/2019 (AAR).
7.1 Developer Testing
No evidence of developer testing is required in the assurance activities for this product.
7.2 Evaluation Team Independent Testing
The evaluation team verified the product according a Common Criteria Certification
document and ran the tests specified in the MDMPP30/MDMAEP30 including the tests
associated with optional requirements.
In regards to the tests, the following should be noted:
Only the physical server appliance (Mobile Iron M2600) and the Hyper-V virtual deployment
configurations were tested. The ESXi virtual deployment configuration was not tested.
The CMVP certificates for Red Hat Enterprise Linux OpenSSL Module 5.0 (CMVP #3016)
apply only to the physical server appliance configuration.
The CMVP certificates for Bouncy Castle (1.0.1) cryptographic library (CMVP #3152) apply
only to the ESXi virtual deployment configuration.
Arguments for equivalence were presented in the AAR, section 1.1.2. These were accepted,
in this lone instance, by NIAP.
MobileIron Platform Validation Report Version 0.3, 02/22/2019
9
8 Evaluated Configuration
The TOE is the MobileIron Platform composed of the following components:
 MobileIron Core, Version 10.0.1.0
 MobileIron Client – Mobile@Work for Android, Version 10.0.1.0
MobileIron Core:
MobileIron Core is a server based on a CentOS 7.4 Linux operating system (OS) with Apache
2.4 (or later) that runs on an Intel x64 architecture server platform. MobileIron supports the
MobileIron Core operating on one physical server appliance that they distribute (Mobile Iron
M2600) as well as virtual deployments in VMWare ESXi (5.1, 5.5, or 6.0) and Microsoft
Hyper-V (Server 2008 R2 or Server 2012 R2).
The MobileIron M2600 appliances are based on Intel Xeon E5 CPUs and utilize Intel
network adapters (Quad I350 GbE) along with SATA disk drives and 128 GB of DRAM.
MobileIron Core can optionally be configured to utilize an external LDAP server via a secure
TLS channel to authenticate users.
MobileIron Client:
MobileIron Client consists of apps deployed on Android mobile devices.
NIAP requires that MDM agents must be installed on NIAP-evaluated mobile devices in
order to be evaluated using the MDMAEP20. At present there are a number of evaluated
Samsung Galaxy mobile Android devices ranging from Android version 7 to 8 that can be
used with the Android version of the MobileIron Client.
 (NIAP VID 10898, https://www.niap-ccevs.org/MMO/Product/st_vid10898-st.pdf)
Samsung Galaxy Devices on Android 8: Samsung Galaxy S8, S8+, S8 Active, Note
8, S9 and S9+.
 (NIAP VID 10849, https://www.niap-ccevs.org/MMO/Product/st_vid10849_st.pdf)
Samsung Galaxy Devices on Android 7.1: Samsung Galaxy Note8 and Tab Active 2.
 (NIAP VID 10809, https://www.niap-ccevs.org/MMO/Product/st_vid10809-st.pdf)
Samsung Galaxy Devices with Android 7: Samsung Galaxy S6, S6 Active, S6 Edge,
S6 Edge+, Note 5, S7, S7 Active, S7 Edge, S8, S8 Active, S8+, and Tab S3.
MobileIron Core can manage devices with the iOS MDM agent developed and evaluated by
Apple Inc. – that agent has been evaluated on Apple iPad and iPhone Mobile Devices with
iOS 11.2 (NIAP VID 10851).
9 Results of the Evaluation
The results of the assurance requirements are generally described in this section and are
presented in detail in the proprietary ETR. The reader of this document can assume that all
assurance activities and work units received a passing verdict.
A verdict for an assurance component is determined by the resulting verdicts assigned to the
corresponding evaluator action elements. The evaluation was conducted based upon CC
MobileIron Platform Validation Report Version 0.3, 02/22/2019
10
version 3.1 rev 5 and CEM version 3.1 rev 5. The evaluation determined the MobileIron
Platform TOE to be Part 2 extended, and to meet the SARs contained in the
MDMPP30/MDMAEP30.
9.1 Evaluation of the Security Target (ASE)
The evaluation team applied each ASE CEM work unit. The ST evaluation ensured the ST
contains a description of the environment in terms of policies and assumptions, a statement
of security requirements claimed to be met by the MobileIron Platform Version 10 products
that are consistent with the Common Criteria, and product security function descriptions that
support the requirements.
The validator reviewed the work of the evaluation team, and found that sufficient evidence
and justification was provided by the evaluation team to confirm that the evaluation was
conducted in accordance with the requirements of the CEM, and that the conclusion reached
by the evaluation team was justified.
9.2 Evaluation of the Development (ADV)
The evaluation team applied each ADV CEM work unit. The evaluation team assessed the
design documentation and found it adequate to aid in understanding how the TSF provides
the security functions. The design documentation consists of a functional specification
contained in the Security target and Guidance documents. Additionally, the evaluator
performed the assurance activities specified in the MDMPP30/MDMAEP30 related to the
examination of the information contained in the TSS.
The validator reviewed the work of the evaluation team, and found that sufficient evidence
and justification was provided by the evaluation team to confirm that the evaluation was
conducted in accordance with the requirements of the CEM, and that the conclusion reached
by the evaluation team was justified.
9.3 Evaluation of the Guidance Documents (AGD)
The evaluation team applied each AGD CEM work unit. The evaluation team ensured the
adequacy of the user guidance in describing how to use the operational TOE. Additionally,
the evaluation team ensured the adequacy of the administrator guidance in describing how
to securely administer the TOE. All of the guides were assessed during the design and testing
phases of the evaluation to ensure they were complete.
The validator reviewed the work of the evaluation team, and found that sufficient evidence
and justification was provided by the evaluation team to confirm that the evaluation was
conducted in accordance with the requirements of the CEM, and that the conclusion reached
by the evaluation team was justified.
9.4 Evaluation of the Life Cycle Support Activities (ALC)
The evaluation team applied each ALC CEM work unit. The evaluation team found that the
TOE was identified.
MobileIron Platform Validation Report Version 0.3, 02/22/2019
11
The validator reviewed the work of the evaluation team, and found that sufficient evidence
and justification was provided by the evaluation team to confirm that the evaluation was
conducted in accordance with the requirements of the CEM, and that the conclusion reached
by the evaluation team was justified.
9.5 Evaluation of the Test Documentation and the Test Activity (ATE)
The evaluation team applied each ATE CEM work unit. The evaluation team ran the set of
tests specified by the assurance activities in the MDMPP30/MDMAEP30 and recorded the
results in a Detailed Test Report, summarized in the AAR.
The validator reviewed the work of the evaluation team, and found that sufficient evidence
and justification was provided by the evaluation team to confirm that the evaluation was
conducted in accordance with the requirements of the CEM, and that the conclusion reached
by the evaluation team was justified.
9.6 Vulnerability Assessment Activity (VAN)
The evaluation team applied each AVA CEM work unit. The vulnerability analysis is in the
Detailed Test Report (DTR) prepared by the evaluator. The vulnerability analysis includes
a public search for vulnerabilities. The public search for vulnerabilities did not uncover
any residual vulnerability.
The evaluator searched the National Vulnerability Database
(https://web.nvd.nist.gov/vuln/search) and Vulnerability Notes Database
(http://www.kb.cert.org/vuls/) on 12/28/2018 with the following search terms:
• Mobile Iron
• Mobile@work
• CentOS 7
• OpenSSL
• Bouncy Castle
• GNU Core Utilities
• Linux Kernel Crypto
The validator reviewed the work of the evaluation team, and found that sufficient evidence
and justification was provided by the evaluation team to confirm that the evaluation was
conducted in accordance with the requirements of the CEM, and that the conclusion reached
by the evaluation team was justified.
9.7 Summary of Evaluation Results
The evaluation team’s assessment of the evaluation evidence demonstrates that the claims in
the ST are met. Additionally, the evaluation team’s testing also demonstrated the accuracy
of the claims in the ST.
MobileIron Platform Validation Report Version 0.3, 02/22/2019
12
The validation team’s assessment of the evidence provided by the evaluation team is that it
demonstrates that the evaluation team followed the procedures defined in the CEM, and
correctly verified that the product meets the claims in the ST.
10 Validator Comments/Recommendations
The validators suggest that the consumer pay particular attention to the evaluated
configuration of the device(s). The functionality evaluated is scoped exclusively to the
security functional requirements specified in the Security Target, and only the functionality
implemented by the SFR’s within the Security Target was evaluated.
All other functionality provided by the MobileIron Platform, to include software that was not
part of the evaluated configuration, needs to be assessed separately and no further
conclusions can be drawn about their effectiveness. Specifically, MobileIron Sentry and
additional mobile device applications, e.g., Mobile@Work for iOS, Web@work,
Docs@work, AppConnect container and Secure Application Manager are not covered by the
evaluation, nor are applications that may be provided with the Android mobile platforms.
Additionally, the validators advise that administrators carefully review and understand the
audit process and actions required to establish and maintain audit as the TOE includes several
repositories for audit data, and the export of each is accomplished separately.
11 Annexes
Not applicable
12 Security Target
The Security Target is identified as: MobileIron Platform (MDMPP30/MDMAEP30)
Security Target, Version 0.8, 01/04/2019.
13 Glossary
The following definitions are used throughout this document:
 Common Criteria Testing Laboratory (CCTL). An IT security evaluation facility
accredited by the National Voluntary Laboratory Accreditation Program (NVLAP) and
approved by the CCEVS Validation Body to conduct Common Criteria-based
evaluations.
 Conformance. The ability to demonstrate in an unambiguous way that a given
implementation is correct with respect to the formal model.
 Evaluation. The assessment of an IT product against the Common Criteria using the
Common Criteria Evaluation Methodology to determine whether or not the claims made
are justified; or the assessment of a protection profile against the Common Criteria using
the Common Evaluation Methodology to determine if the Profile is complete, consistent,
technically sound and hence suitable for use as a statement of requirements for one or
more TOEs that may be evaluated.
MobileIron Platform Validation Report Version 0.3, 02/22/2019
13
 Evaluation Evidence. Any tangible resource (information) required from the sponsor or
developer by the evaluator to perform one or more evaluation activities.
 Feature. Part of a product that is either included with the product or can be ordered
separately.
 Target of Evaluation (TOE). A group of IT products configured as an IT system, or an
IT product, and associated documentation that is the subject of a security evaluation
under the CC.
 Validation. The process carried out by the CCEVS Validation Body leading to the issue
of a Common Criteria certificate.
 Validation Body. A governmental organization responsible for carrying out validation
and for overseeing the day-to-day operation of the NIAP Common Criteria Evaluation
and Validation Scheme.
14 Bibliography
The Validation Team used the following documents to produce this Validation Report:
[1] Common Criteria for Information Technology Security Evaluation: Part 1:
Introduction and General Model, Version 3.1, Revision 4, September 2012.
[2] Common Criteria for Information Technology Security Evaluation Part 2: Security
functional components, Version 3.1, Revision 4, September 2012.
[3] Common Criteria for Information Technology Security Evaluation Part 3: Security
assurance components, Version 3.1 Revision 4, September 2012.
[4] Protection Profile for Mobile Device Management, Version 3.0, 21 November 2016
with Extended Package for Mobile Device Management Agents, Version 3.0, 21
November 2016.
[5] MobileIron Platform (MDMPP30/MDMAEP30) Security Target, Version 0.8,
01/04/2019 (ST).
[6] Assurance Activity Report (MDMPP30/MDMAEP30) for MobileIron Platform
Version 10, Version 0.2, 01/08/2019 (AAR).
[7] Detailed Test Report (MDMPP30/MDMAEP30) for MobileIron Platform Version
10, Version 0.2, 01/08/2019 (DTR).
[8] Evaluation Technical Report for MobileIron Platform, Version 0.2, 01/08/2019
(ETR)