VMware Workspace ONE Boxer Email Client Version 23.11 Security Target ST Version: 1.0 March 4, 2024 VMware 1155 Perimeter Center West Suite 100 Atlanta, GA 30338 Prepared By: Cyber Assurance Testing Laboratory 1100 West St. Laurel, MD 20707 Security Target VMware Workspace ONE Boxer Email Client ii | P a g e Table of Contents 1 Security Target Introduction.................................................................................................................1 1.1 ST Reference.................................................................................................................................1 ST Identification ...................................................................................................................1 Document Organization ........................................................................................................1 Terminology..........................................................................................................................1 Acronyms..............................................................................................................................2 Reference ..............................................................................................................................3 1.2 TOE Reference..............................................................................................................................3 1.3 TOE Overview..............................................................................................................................3 1.4 TOE Type......................................................................................................................................5 2 TOE Description ...................................................................................................................................6 2.1 Evaluated Components of the TOE ..............................................................................................6 2.2 Components and Applications in the Operational Environment...................................................6 2.3 Excluded from the TOE ................................................................................................................7 Not Installed..........................................................................................................................7 Installed but Requires a Separate License.............................................................................7 Installed but Not Part of the TSF ..........................................................................................7 2.4 Physical Boundary ........................................................................................................................7 Hardware...............................................................................................................................7 Software ................................................................................................................................7 2.5 Logical Boundary..........................................................................................................................8 Cryptographic Support..........................................................................................................8 User Data Protection .............................................................................................................9 Identification and Authentication..........................................................................................9 Security Management ...........................................................................................................9 Privacy ..................................................................................................................................9 Protection of the TSF ............................................................................................................9 Trusted Path/Channels ..........................................................................................................9 3 Conformance Claims ..........................................................................................................................10 3.1 CC Version..................................................................................................................................10 Security Target VMware Workspace ONE Boxer Email Client iii | P a g e 3.2 CC Part 2 Conformance Claims..................................................................................................10 3.3 CC Part 3 Conformance Claims..................................................................................................10 3.4 PP Claims....................................................................................................................................10 3.5 Package Claims...........................................................................................................................10 3.6 Package Name Conformant or Package Name Augmented........................................................10 3.7 Conformance Claim Rationale....................................................................................................10 3.8 Technical Decisions....................................................................................................................11 4 Security Problem Definition ...............................................................................................................13 4.1 Threats.........................................................................................................................................13 4.2 Organizational Security Policies.................................................................................................13 4.3 Assumptions................................................................................................................................13 4.4 Security Objectives .....................................................................................................................14 TOE Security Objectives ....................................................................................................14 Security Objectives for the Operational Environment ........................................................15 4.5 Security Problem Definition Rationale.......................................................................................15 5 Extended Components Definition.......................................................................................................16 5.1 Extended Security Functional Requirements..............................................................................16 5.2 Extended Security Assurance Requirements ..............................................................................16 6 Security Functional Requirements......................................................................................................17 6.1 Conventions ................................................................................................................................17 6.2 Security Functional Requirements Summary..............................................................................17 6.3 Security Functional Requirements..............................................................................................20 Class FCS: Cryptographic Support.....................................................................................20 Class FDP: User Data Protection........................................................................................27 Class FIA: Identification and Authentication .....................................................................29 Class FMT: Security Management .....................................................................................30 Class FPR: Privacy..............................................................................................................31 Class FPT: Protection of the TSF .......................................................................................31 Class FTP: Trusted Path/Channels......................................................................................33 6.4 Statement of Security Functional Requirements Consistency ....................................................34 7 Security Assurance Requirements ......................................................................................................35 Security Target VMware Workspace ONE Boxer Email Client iv | P a g e 7.1 Class ASE: Security Target.........................................................................................................35 ST introduction (ASE_INT.1).............................................................................................35 Conformance claims (ASE_CCL.1) ...................................................................................36 Security problem definition (ASE_SPD)............................................................................37 Security objectives for the operational environment (ASE_OBJ.1) ...................................38 Extended components definition (ASE_ECD.1).................................................................38 Stated security requirements (ASE_REQ.1).......................................................................39 TOE summary specification (ASE_TSS.1).........................................................................40 7.2 Class ADV: Development...........................................................................................................40 Basic Functional Specification (ADV_FSP.1)....................................................................40 7.3 Class AGD: Guidance Documentation .......................................................................................41 Operational User Guidance (AGD_OPE.1) ........................................................................41 Preparative Procedures (AGD_PRE.1)...............................................................................42 7.4 Class ALC: Life Cycle Support ..................................................................................................43 Labeling of the TOE (ALC_CMC.1)..................................................................................43 TOE CM Coverage (ALC_CMS.1) ....................................................................................43 Timely Security Updates (ALC_TSU_EXT.1)...................................................................44 7.5 Class ATE: Tests.........................................................................................................................45 Independent Testing - Conformance (ATE_IND.1) ...........................................................45 7.6 Class AVA: Vulnerability Assessment .......................................................................................45 Vulnerability Survey (AVA_VAN.1) .................................................................................45 8 TOE Summary Specification ..............................................................................................................47 8.1 Cryptographic Support................................................................................................................47 [APP_PP] FCS_CKM_EXT.1 and FCS_CKM.1.1/AK .....................................................49 [APP_PP] FCS_CKM.2......................................................................................................49 [EC_EP] FCS_CKM_EXT.3 ..............................................................................................49 [EC_EP] FCS_CKM_EXT.4 ..............................................................................................49 [EC_EP] FCS_CKM_EXT.5 ..............................................................................................50 [APP_PP] FCS_COP.1/SKC ..............................................................................................50 [APP_PP] FCS_COP.1/Hash..............................................................................................51 [APP_PP] FCS_COP.1/Sig.................................................................................................51 Security Target VMware Workspace ONE Boxer Email Client v | P a g e [APP_PP] FCS_COP.1/KeyedHash....................................................................................51 [EC_EP] FCS_COP_EXT.2(iOS), [EC_EP] FCS_COP_EXT.2(Android), and [EC_EP] FCS_COP_EXT.2(iPadOS)................................................................................................................52 [EC_EP] FCS_IVG_EXT.1 ................................................................................................52 [EC_EP] FCS_KYC_EXT.1...............................................................................................52 [APP_PP] FCS_RBG_EXT.1(iOS), [APP_PP] FCS_RBG_EXT.1(Android), [APP_PP] FCS_RBG_EXT.1(iPadOS), and [APP_PP] FCS_RBG_EXT.2 .......................................................53 [EC_EP] FCS_SMIME_EXT.1 ..........................................................................................54 [APP_PP] FCS_STO_EXT.1(1) .........................................................................................54 [APP_PP] FCS_STO_EXT.1(2) .........................................................................................61 8.2 User Data Protection...................................................................................................................61 [APP_PP] FDP_DAR_EXT.1.............................................................................................61 [APP_PP] FDP_DEC_EXT.1(iOS), [APP_PP] FDP_DEC_EXT.1(Android), and [APP_PP] FDP_DEC_EXT.1(iPadOS), .............................................................................................62 [APP_PP] FDP_NET_EXT.1 .............................................................................................63 [EC_EP] FDP_NOT_EXT.1...............................................................................................64 [EC_EP] FDP_SMIME_EXT.1..........................................................................................64 8.3 Identification and Authentication................................................................................................64 [APP_PP] FIA_X509_EXT.1 .............................................................................................64 [APP_PP] FIA_X509_EXT.2 .............................................................................................65 [EC_EP] FIA_X509_EXT.3 ...............................................................................................65 8.4 Security Management .................................................................................................................66 [APP_PP] FMT_CFG_EXT.1 ............................................................................................66 [APP_PP] FMT_MEC_EXT.1............................................................................................66 [EC_EP] FMT_MOF_EXT.1..............................................................................................66 [APP_PP] FMT_SMF.1......................................................................................................66 8.5 Privacy ........................................................................................................................................67 [APP_PP] FPR_ANO_EXT.1.............................................................................................67 8.6 Protection of the TSF..................................................................................................................67 [APP_PP] FPT_AEX_EXT.1 .............................................................................................67 [EC_EP] FPT_AON_EXT.1...............................................................................................67 [APP_PP] FPT_API_EXT.1 ...............................................................................................67 Security Target VMware Workspace ONE Boxer Email Client vi | P a g e [APP_PP] FPT_IDV_EXT.1(iOS), [APP_PP] FPT_IDV_EXT.1(Android), and [APP_PP] FPT_IDV_EXT.1(iPadOS).................................................................................................................69 [APP_PP] FPT_LIB_EXT.1 ...............................................................................................70 [APP_PP] FPT_TUD_EXT.1 and FPT_TUD_EXT.2........................................................71 8.7 Trusted Path/Channels ................................................................................................................72 [APP_PP] FTP_DIT_EXT.1(iOS), [APP_PP] FTP_DIT_EXT.1(Android), and [APP_PP] FTP_DIT_EXT.1(iPadOS) .................................................................................................................72 [EC_EP] FTP_ITC_EXT.1 .................................................................................................73 Table of Figures Figure 1: TOE Boundary ..............................................................................................................................4 Table of Tables Table 1: Customer Specific Terminology.....................................................................................................2 Table 2: CC Specific Terminology ...............................................................................................................2 Table 3: Acronym Definition........................................................................................................................2 Table 4: Evaluated Components of the TOE ................................................................................................6 Table 5: Components of the Operational Environment ................................................................................6 Table 6: CAVP Certificates for Boxer’s OpenSSL Implementation on Android.........................................8 Table 7: Technical Decisions......................................................................................................................12 Table 8: TOE Threats..................................................................................................................................13 Table 9: TOE Assumptions.........................................................................................................................14 Table 10: TOE Objectives ..........................................................................................................................14 Table 11: Operational Environment Objectives..........................................................................................15 Table 12: iOS Security Functional Requirements for the TOE ..................................................................18 Table 13: Android Security Functional Requirements for the TOE ...........................................................19 Table 14: iPadOS Security Functional Requirements for the TOE ............................................................20 Table 15: CAVP Certificates for Boxer’s OpenSSL Implementation on Android.....................................47 Table 16: Cryptographic Libraries..............................................................................................................49 Table 17: Stored Android Credentials ........................................................................................................58 Table 18: Stored iOS/iPadOS Credentials ..................................................................................................61 1 Security Target Introduction This chapter presents the Security Target (ST) identification information and an overview. An ST contains the Information Technology (IT) security requirements of an identified Target of Evaluation (TOE) and specifies the functional and assurance security measures offered by the TOE. 1.1 ST Reference This section provides information needed to identify and control this ST and its Target of Evaluation. ST Identification ST Title: VMware Workspace ONE Boxer Email Client Version 23.11 Security Target ST Version: 1.0 ST Publication Date: March 4, 2024 ST Author: Booz Allen Hamilton Document Organization Chapter 1 of this document provides identifying information for the ST and TOE as well as a brief description of the TOE and its associated TOE type. Chapter 2 describes the TOE in terms of its physical boundary, logical boundary, exclusions, and dependent Operational Environment components. Chapter 3 describes the conformance claims made by this ST. Chapter 4 describes the threats, assumptions, objectives, and organizational security policies that apply to the TOE. Chapter 5 defines extended Security Functional Requirements (SFRs) and Security Assurance Requirements (SARs). Chapter 6 describes the SFRs that are to be implemented by the TSF. Chapter 7 describes the SARs that will be used to evaluate the TOE. Chapter 8 provides the TOE Summary Specification, which describes how the SFRs that are defined for the TOE are implemented by the TSF. Terminology This section defines the terminology used throughout this ST. The terminology used throughout this ST is defined in Table 1 and 2. These tables are to be used by the reader as a quick reference guide for terminology definitions. Term Definition Administrator An individual that has the ability to manage some aspect of mobile device configuration using the VMware Workspace ONE Unified Endpoint Management (UEM) console. UEM is a Mobile Device Management (MDM) product that contains a server and an agent that resides on the mobile device. Security Target VMware Workspace ONE Boxer Email Client 2 | P a g e Term Definition Managed Device Managed devices are those devices that are enrolled and managed by an MDM product. Enrolled devices have an agent installed on the device which provide status and policy information about the device to the UEM. Additionally, the agent is responsible for retrieving configuration information for the managed applications installed on the device. End User An individual who possesses a mobile device with the VMware Workspace ONE Boxer Email Client application installed and enrolled into UEM. Table 1: Customer Specific Terminology Term Definition Authorized Administrator The claimed Protection Profile defines an Authorized Administrator role that is authorized to manage the TOE and its data. Security Administrator Synonymous with Authorized Administrator. Trusted Channel An encrypted connection between the TOE and a system in the Operational Environment. Trusted Path An encrypted connection between the TOE and the application an Authorized Administrator uses to manage it (web browser, terminal client, etc.). User In a CC context, any individual who has the ability to manage TOE functions or data. Table 2: CC Specific Terminology Acronyms The acronyms used throughout this ST are defined in Table 3. This table is to be used by the reader as a quick reference guide for acronym definitions. Acronym Definition CA Certificate Authority CC Common Criteria HTTP Hypertext Transfer Protocol HTTPS Hypertext Transfer Protocol Secure over a bidirectional TLS encrypted tunnel IT Information Technology MDM Mobile Device Management NIAP National Information Assurance Partnership OCSP Online Certificate Status Protocol OS Operating System PP Protection Profile SAR Security Assurance Requirement SFR Security Functional Requirement SSL Secure Sockets Layer ST Security Target TLS Transport Layer Security TOE Target of Evaluation TSF TOE Security Function UEM Unified Endpoint Management Table 3: Acronym Definition Security Target VMware Workspace ONE Boxer Email Client 3 | P a g e Reference [1] Protection Profile for Application Software, version 1.4 [APP_PP] [2] Application Software Extended Package for Email Clients, version 2.0 [EC_EP] [3] Common Criteria for Information Technology Security Evaluation – Part 1: Introduction and general model, dated April 2017, version 3.1, Revision 5, CCMB-2017-04-001 [4] Common Criteria for Information Technology Security Evaluation – Part 2: Security functional components, dated April 2017, version 3.1, Revision 5, CCMB-2017-04-002 [5] Common Criteria for Information Technology Security Evaluation – Part 3: Security assurance components, dated April 2017, version 3.1, Revision 5, CCMB-2017-04-003 [6] Common Methodology for Information Technology Security Evaluation – Evaluation Methodology, dated April 2017, version 3.1, Revision 5, CCMB-2017-04-004 [CEM] [7] NIST Special Publication 800-38A Recommendation for Block Cipher Modes of Operation, December 2001 [8] NIST Special Publication 800-38F Recommendation for Block Cipher Modes of Operation: Methods for Key Wrapping, December 2012 [9] NIST Special Publication 800-56A Recommendation for Pair-Wise Key Establishment Schemes Discrete Logarithm Cryptography, April 2018 [10] NIST Special Publication 800-56B Recommendation for Pair-Wise Key Establishment Schemes Using Integer Factorization Cryptography, August 2009 [11] NIST Special Publication 800-57 Recommendation for Key Management, January 2016 [12] NIST Special Publication 800-88 Guideline for Media Sanitization, December 2014 [13] NIST Special Publication 800-90A Recommendation for Random Number Generation Using Deterministic Random Bit Generators, June 2015 [14] NIST Special Publication 800-132 Recommendation for Password-Based Key Derivation, December 2010 [15] FIPS PUB 180-4 Federal Information Processing Standards Publication Secure Hash Standard (SHS), March 2012 [16] FIPS PUB 186-4 Federal Information Processing Standards Publication Digital Signature Standard, July 2013 [17] FIPS PUB 198-1 Federal Information Processing Standards Publication The Keyed-Hash Message Authentication Code (HMAC), July 2008 [18] Apple iOS 16: iPhone Security Target, Version 1.1 (VID11349) [19] Apple iPadOS 16: iPad Security Target, Version 1.1 (VID11350) [20] Samsung Electronics Co., Ltd. Samsung Galaxy Devices on Android 13 – Spring Security Target, Version 0.5 (VID11342) [21] VMware Workspace ONE Boxer Admin Guide 1.2 TOE Reference The TOE is the VMware Workspace ONE Boxer Email Client Version 23.11. 1.3 TOE Overview The TOE is the VMware Workspace ONE Boxer Email Client product referred to as Boxer or TOE from this point forward. Boxer is an email client application software product that is installed on a mobile Security Target VMware Workspace ONE Boxer Email Client 4 | P a g e device platform. The Boxer application containerizes enterprise data from personal data that resides on the user’s mobile device. Boxer supports the use of Microsoft Exchange (using ActiveSync and/or Exchange Web Services), Office 365, Outlook, Gmail, Yahoo, Google Workspace and Lotus Notes, and Cloud email services. For the evaluated configuration, the enterprise management email support only applies to the use of Microsoft Exchange. In the evaluated configuration, the TOE is installed on a mobile device running iOS 16 (VID11349), a mobile device running iPadOS 16 (VID11350), as well as a mobile device host running Android 13 (VID11342). The mobile devices must be enrolled and managed by the VMware Workspace ONE Unified Endpoint Management (UEM) at the device level. When the TOE application is installed on the mobile device it is then enrolled as a managed application in UEM in order to obtain its configuration information. Additionally, the TOE is configured to use ActiveSync to communicate with the Microsoft Exchange server over a TLS v1.2 trusted channel. The Exchange server resides in the operational environment and is for sending and receiving enterprise data such as email, calendar information and appointment data. Whether installed on an Android or iOS/iPadOS device, the application validates the certificates using OCSP. The OCSP responder is also considered part of the operational environment. VMware UEM Hub Agent OCSP Responder for S/MIME Administrator Workstation Exchange Server VMware Workspace ONE Boxer Email Client VMware Workspace ONE UEM (MDM Server) OS (iOS or Android) OCSP Administrator Mobile Device Controlled Test Environment Google Play Store Apple App Store Amazon OCSP Responders for TLS Comms Key TOE Mobile Device Host Environment TOE User E3 E2 E1 E4 Operational Environment Dashed lines - Communication channels that are considered part of the operational environment. The TOE does not implement or invoke the OS to establish these channels. They are included for completeness of the required operational environment description E5 Figure 1: TOE Boundary Security Target VMware Workspace ONE Boxer Email Client 5 | P a g e As depicted in Figure 1, the TOE resides on the mobile device host running iOS 16, iPadOS 16 or Android 13. • E1: TOE to OCSP Responder – This interface is used for certificate validation checking over HTTP using the OCSP protocol. • E2: VMware Workspace ONE Intelligent Hub/OS to TOE – This interface is used for communication between the TOE and the device MDM agent for downloading policy information received from the VMware Workspace ONE Unified Endpoint Management (UEM/MDM server). • E3: Mobile device OS platform to Exchange server – This interface is used for communication between the mobile device OS platform and the remote Exchange server for sending and receiving email, when invoked by the TOE. All data is encrypted using TLS. • E4: TOE to/from mobile device OS platform store – This interface is used for communicating data between the TOE and the underlying mobile device OS platform application store when it is invoked. • E5: User to TOE – This interface is used for users who wish to interact with the TOE for checking e-mail, sending e-mail, and other TOE provided functionality. 1.4 TOE Type TOE type is Application Software Email Client. The TOE is application software that is installed on mobile devices which provides email client services that allows the user to receive, send, manage, and access enterprise email on their mobile device. Security Target VMware Workspace ONE Boxer Email Client 6 | P a g e 2 TOE Description This section provides a description of the TOE in its evaluated configuration. This includes the physical and logical boundaries of the TOE. 2.1 Evaluated Components of the TOE The following table describes the TOE components in the evaluated configuration: Component Definition VMware Workspace ONE Boxer Email Client v 23.11 Application for Apple iOS 16* VMware Email Client Application VMware Workspace ONE Boxer Email Client v 23.11 Application for Apple iPadOS 16* VMware Email Client Application VMware Workspace ONE Boxer Email Client v 23.11 Application for Android 13* VMware Email Client Application Table 4: Evaluated Components of the TOE *certified iOS 16 (VID11349), certified iPadOS 16 (VID11350), and certified Android 13 (VID11342). As shown in Figure 1, the TOE boundary on the end user mobile devices includes only the Boxer application. The mobile device and the OS that the application is installed on are considered part of the operational environment. The devices and the OS have been evaluated against the Mobile Device Fundamentals Protection Profile under the Validation ID numbers identified in Table 4 above. 2.2 Components and Applications in the Operational Environment The following table lists components and applications in the environment that the TOE relies upon in order to function properly: Component Definition OCSP Responder A server deployed within the Operational Environment which confirms the validity and revocation status of certificates. VMware Workspace ONE Unified Endpoint Management (UEM) Server The VMware Workspace ONE UEM server is used to manage the Boxer app (TOE) and its host mobile device. The UEM Server provides administrative access through its UEM Console. Microsoft Exchange Server 2019 Exchange server for sending and receiving emails to and from the Operational Environment configured to use ActiveSync to communicate. Mobile Device The hardware that runs the OS in which the application is installed on. The TOE was installed on a certified iOS 16 (VID11349) device, iPadOS 16 (VID11350), and certified Android 13 (VID11342) device. For testing, this evaluation used a Samsung Galaxy XCover6 Pro (Android), iPad Air 4th generation (Apple), and an iPhone 12 Pro (Apple). Table 5: Components of the Operational Environment Security Target VMware Workspace ONE Boxer Email Client 7 | P a g e 2.3 Excluded from the TOE The following optional products, components, and/or applications can be integrated with the TOE but are not included in the evaluated configuration. They provide no added security related functionality for the evaluated product. They are separated into three categories: not installed, installed but requires a separate license, and installed but not part of the TSF. Not Installed There are no components that are not installed. Installed but Requires a Separate License There are no excluded components that are installed and require a separate license. Installed but Not Part of the TSF This section contains functionality or components that are part of the purchased product but are not part of the TSF relevant functionality that is being evaluated as the TOE. There are no discrete individual components that are excluded from the TSF. Note however that the logical boundary of the TOE only includes the functionality that satisfies the Security Functional Requirements in the claimed Protection Profiles and the configuration specified in Section 2 above. Therefore, Boxer support for Microsoft Exchange (using Exchange Web Services), Office 365, Outlook, Gmail, Yahoo, Google Workspace, Lotus Notes, and Cloud email services are not part of the evaluated configuration. If the product provides functionality that is not used to satisfy any of the PP defined requirements, it is considered to be security-non-interfering functionality and is not part of the evaluated configuration. 2.4 Physical Boundary Hardware This is a software-only TOE. All hardware that is present is part of the TOE’s Operational Environment. VMware Workspace ONE Boxer Email Client v 23.11 Application for Apple iOS 16 iPhone 12 Pro, Apple A14 Bionic, certified iOS 16 VID11349 VMware Workspace ONE Boxer Email Client v 23.11 Application for Apple iPadOS 16 iPad Air 4th generation, Apple A14 Bionic, certified iPadOS 16 VID11350 VMware Workspace ONE Boxer Email Client v 23.11 Application for Android 13 Samsung Galaxy XCover6 Pro, Qualcomm Snapdragon 778G SM7325, certified Android 13 VID11342 Software The physical boundary of the TOE software is the Boxer application and its configuration data. Security Target VMware Workspace ONE Boxer Email Client 8 | P a g e 2.5 Logical Boundary The TOE is comprised of several security features. Each of these security features consists of several security functionalities, as identified below. This ST includes the security functional requirements from the Application Software Protection Profile v1.4 and the Email Client Extended Package v2.0. The security requirements that are derived from the Application Software Protection Profile are denoted with [APP_PP] and the requirements that are derived from the Application Software Extended Package for Email Clients are denoted with [EC_EP]. 1. Cryptographic Support 2. User Data Protection 3. Identification and Authentication 4. Security Management 5. Privacy 6. Protection of the TSF 7. Trusted Path/Channels Cryptographic Support Table 6: Boxer’s OpenSSL Implementation on Android Depending on which OS the application is installed on, the TOE either invokes the underlying platform or implements its own cryptographic module to perform cryptographic services. All cryptographic mechanisms, whether platform or application provided, use DRBG functionality to support cryptographic operations. Cryptographic functionality includes encryption/decryption services, credential/key storage, key establishment, key destruction, hashing services, signature services, key-hashed message authentication, and key chaining using a password-based derivation function. Cryptographic services for the application’s S/MIME functionality and TLS communications are provided by the underlying platform when the application is installed on a device running iOS/iPadOS. When installed on a device running the Android OS, the TOE invokes the underlying platform OpenSSL Algorithm for S/MIME (CAVP Cert# A5073) SFR Standard FCS_COP.1/KeyedHash FCS_CKM_EXT.5.3, HMAC-SHA-256, 256-bit key size NIST FIPS 198-1 and NIST FIPS 180-4 FCS_COP.1/SKC FCS_SMIME_EXT.1.2, AES-128-CBC and AES-256-CBC NIST SP 800-38A FCS_COP.1/SKC Encryption of Boxer specific database used in support of FCS_STO_EXT.1(1) & (2) storage of specific keys. AES-256-CBC NIST SP 800-38A FCS_COP.1/Hash FCS_SMIME_EXT.1.3, SHA-256, SHA-384, SHA-512 NIST FIPS 180-4 FCS_COP.1/Sig FCS_SMIME_EXT.1.4, RSA (2048, SHA-256) NIST FIPS 186-4 FCS_RBG_EXT.2.1 (Android) per FCS_RBG_EXT.1.1 (Android) DRBG CTR (AES-256) NIST SP 800-90A FCS_RBG_EXT.2.1 (Android) per FCS_RBG_EXT.1.1 (Android) FCS_COP.1/SKC AES-256-CTR NIST SP 800-38A Security Target VMware Workspace ONE Boxer Email Client 9 | P a g e cryptographic libraries for TLS communications and implements an OpenSSL cryptographic module to perform the cryptographic functionality required to support S/MIME (CAVP certificate #A5072). User Data Protection The TOE uses S/MIME to digitally sign, verify, decrypt, and encrypt email messages. The TOE stores all application data in an encrypted Boxer database which is created on the mobile device during installation. The TOE’s host platforms (iOS, iPadOS, and Android) implement file-based encryption to securely store the data. The TOE restricts its network access and provides user awareness when it attempts to access hardware resources and sensitive data stored on the host platform. The TOE displays notification icons that show S/MIME status. Each status is shown as a different color so that the user can quickly identify any issues. Identification and Authentication The TOE relies on the OS to validate X.509.3 certificates for TLS communication. The TOE validates X.509v3 certificates for signing and encrypting emails for S/MIME. Security Management The TOE enforces the application’s enterprise policy set by the UEM administrator pushed out to the managed TOE device. The TOE does not use default passwords, and automatically installs and configures the application to protect itself and its data from unauthorized access while also implementing the recommended platform security mechanisms. Changing one’s own password from the application is the only management function that can be performed by the owner/user of the mobile device with the TOE installed. Privacy The TOE does not transmit any personally identifiable information (PII) over the network unless voluntarily sent via free text email. Protection of the TSF The TOE does not support the installation of trusted or untrusted add-ons. The user is able to navigate the platform to check the version of the TOE and also check for updates to the application. All updates come from the Google Play Store (Android) or Apple App Store (iOS and iPadOS). The digital signature of the updates is verified by the mobile device platform prior to being installed. The TOE does not replace or modify its own binaries without user interaction. The TOE implements anti-exploitation features, such as stack-based overflow protection, is compatible with security features provided by the OS, and will only use documented APIs and libraries. Trusted Path/Channels The TOE invokes the platform to provide the trusted communication channel between the TOE and the Exchange server. Communications are protected with TLS v1.2. Communication to the Exchange server uses ActiveSync to send and receive emails. Security Target VMware Workspace ONE Boxer Email Client 10 | P a g e 3 Conformance Claims 3.1 CC Version This ST is compliant with Common Criteria for Information Technology Security Evaluation, Version 3.1 Revision 5 April 2017. 3.2 CC Part 2 Conformance Claims This ST and Target of Evaluation (TOE) are conformant to Part 2 extended to include all applicable NIAP and International interpretations through March 4, 2024. 3.3 CC Part 3 Conformance Claims This ST and Target of Evaluation (TOE) are conformant to Part 3 extended to include all applicable NIAP and International interpretations through March 4, 2024. 3.4 PP Claims This ST claims exact conformance to the following Protection Profiles: • Protection Profile for Application Software Version 1.4 [APP_PP] • Application Software Extended Package for Email Clients v2.0 [EC_EP] 3.5 Package Claims The TOE claims exact compliance to the Protection Profile for Application Software and The Application Software Extended Package for Email Clients. The TOE claims following optional SFRs that are defined in the appendices of the claimed PP: [EC_EP] FCS_CKM_EXT.5 This does not violate the notion of exact conformance because the PP specifically indicates these as allowable options and provides both the ST author and evaluation laboratory with instructions on how these claims are to be documented and evaluated. 3.6 Package Name Conformant or Package Name Augmented This ST and TOE claim exact conformance to the [APP_PP] and [EC_EP]. 3.7 Conformance Claim Rationale The [APP_PP] states the following: “The application, which consists of the software provided by its vendor, is installed onto the platform(s) it operates on. It executes on the platform, which may be an operating system, hardware environment, a software based execution environment, or some combination of these.” “Applications include a diverse range of software such as office suites, thin clients, PDF readers, downloadable smartphone apps, and apps running in a cloud container. The TOE includes any software in Security Target VMware Workspace ONE Boxer Email Client 11 | P a g e the application installation package, even those pieces that may extend or modify the functionality of the underlying platform, such as kernel drivers.” The [EC_EP] states the following: “Email clients are user applications that provide functionality to send, receive, access and manage email. The complexity of email content and email clients has grown over time. Modern email clients can render HTML as well as plaintext, and may include functionality to display common attachment formats, such as Adobe PDF and Microsoft Word documents. Some email clients allow their functionality to be modified by users through the addition of add-ons. Protocols have also been defined for communicating between email clients and servers. Some clients support multiple protocols for doing the same task, allowing them to be configured according to email server specifications.” The Application Software Email Client TOE type is justified because the TOE is application software that is installed on mobile devices which provides email client services that allows the user to receive, send, manage, and access enterprise email on their mobile device. 3.8 Technical Decisions Technical Decisions that effected the SFR wording have been annotated with a Footnote. The following is a complete list of Technical Decisions that apply to the [APP_PP] and [EC_PP] evaluation activities that must be performed during the evaluation of this TOE: TD # Title References Changes Analysis to this evaluation SFR AA Notes NA Reason TD0815 Addition of Conditional TSS Activity for FPT_AEX_EXT.1.5 FPT_AEX_EXT.1.5 X AA: TSS, Test wording TD0798 Static Memory Mapping Exceptions FPT_AEX_EXT.1.1 X AA: TSS, Test wording TD0780 FIA_X509_EXT.1 Test 4 Clarification FIA_X509_EXT.1 X AA: Test wording TD0756 Update for platform-provided full disk encryption FDP_DAR_EXT.1 X AA: Test wording TD0747 Configuration Storage Option for Android FMT_MEC_EXT.1 X AA: Test wording TD0743 FTP_DIT_EXT.1.1 Selection exclusivity FTP_DIT_EXT.1.1 X X SFR: wording change Notes: wording change Footnote 16,17,18 TD0736 Number of elements for iterations of FCS_HTTPS_EXT.1 FCS_HTTPS_EXT.1.3/Server X X X Not claiming FCS_HTTPS_EXT.1 TD0719 ECD for PP APP V1.3 and 1.4 PP_APP_v1.3, PP_APP_v1.4 X Addition of the extended definitions that were missing from Evaluation Activities for PP_APP_v1.3 to PP_APP_v1.4. TD0717 Format changes for PP_APP_V1.4 FCS_CKM.1, FCS_CKM.2, FCS_CKM.1/AK, X SFR: wording change Security Target VMware Workspace ONE Boxer Email Client 12 | P a g e FCS_CKM.1/PBKDF, FCS_COP.1/Hash, FCS_COP.1/KeyedHash, FCS_COP.1/Sig, FCS_COP.1/SKC Footnote 1, 2, 8, 9, 10, 11 TD0664 Testing activity for FPT_TUD_EXT.2.2 FPT_TUD_EXT.2.2 X AA: Test wording TD0650 Conformance claim sections updated to allow for MOD_VPNC_V2.3 and 2.4 Section 2 X Not claiming PP- Module for VPN Clients, Version 2.4 TD0628 Addition of Container Image to Package Format FPT_TUD_EXT.2.1 X X SFR: wording change AA: Test wording Footnote 15 TD0560* Email Encryption Algorithms FCS_SMIME_EXT.1 X X X SFR: wording change Footnotes 12, 13, 14 TD0414* FTP_ITC_EXT1. Tests 1 and 2 FTP_ITC_EXT.1 X AA: Test wording TD0405* FIA_SASL_EXT.1 Testing FIA_SASL_EXT.1 X X Not claiming FIA_SASL_EXT.1 TD0352* Added key destruction options FCS_CKM_EXT.4 X X SFR: wording change AA: TSS wording Footnote 2 TD0266* Password/passphrase min vs max value for FCS_CKM_EXT.5.1 FCS_CKM_EXT.5.1 X X X SFR: wording change AA: TSS, AGD, Test wording Footnotes 4, 5, 6, 7 Table 7: Technical Decisions * Technical Decisions that apply to the Application Software Extended Package for Email Clients v2.0 [EC_PP]. Security Target VMware Workspace ONE Boxer Email Client 13 | P a g e 4 Security Problem Definition The security problem definition content from the [EC_EP] is explicitly marked but content from the [APP_PP] is not likewise distinguished in this section. 4.1 Threats This section identifies the threats against the TOE. These threats have been taken from the [APP_PP] and [EC_EP]. Threat Threat Definition T.FLAWED_ADDON [EC_EP] Email client functionality can be extended with integration of third- party utilities and tools. This expanded set of capabilities is made possible via the use of add-ons. The tight integration between the basic email client code and the new capabilities that add-ons provide increases the risk that malefactors could inject serious flaws into the email client application, either maliciously by an attacker, or accidentally by a developer. These flaws enable undesirable behaviors including, but not limited to, allowing unauthorized access to sensitive information in the email client, unauthorized access to the device's file system, or even privilege escalation that enables unauthorized access to other applications or the operating system. T.LOCAL_ATTACK An attacker can act through unprivileged software on the same computing platform on which the application executes. Attackers may provide maliciously formatted input to the application in the form of files or other local communications. T.NETWORK_ATTACK An attacker is positioned on a communications channel or elsewhere on the network infrastructure. Attackers may engage in communications with the application software or alter communications between the application software and other endpoints in order to compromise it. T.NETWORK_EAVESDROP An attacker is positioned on a communications channel or elsewhere on the network infrastructure. Attackers may monitor and gain access to data exchanged between the application and other endpoints. T.PHYSICAL_ACCESS An attacker may try to access sensitive data at rest. Table 8: TOE Threats 4.2 Organizational Security Policies There are no Organizational Security Policies in the [APP_PP] or [EC_EP]. 4.3 Assumptions The specific conditions listed in this section are assumed to exist in the TOE’s Operational Environment. These assumptions have been taken from the [APP_PP] or [EC_EP]. Assumption Assumption Definition A.PLATFORM The TOE relies upon a trustworthy computing platform with a reliable time clock for its execution. This includes the underlying platform and whatever runtime environment it provides to the TOE. A.PROPER_ADMIN The administrator of the application software is not careless, willfully negligent or hostile, and administers the software in compliance with the applied enterprise security policy. Security Target VMware Workspace ONE Boxer Email Client 14 | P a g e Assumption Assumption Definition A.PROPER_USER The user of the application software is not willfully negligent or hostile, and uses the software in compliance with the applied enterprise security policy. Table 9: TOE Assumptions 4.4 Security Objectives This section identifies the security objectives of the TOE and its supporting environment. The security objectives identify the responsibilities of the TOE and its environment in meeting the security needs. TOE Security Objectives This section identifies the security objectives of the TOE. These objectives have been taken directly from the [APP_PP] or [EC_EP]. Objective Objective Definition O.ADDON_INTEGRITY [EC_EP] To address issues associated with malicious or flawed plug-ins or extensions, conformant email clients implement mechanisms to ensure their integrity. This includes verification at installation time and update. O.INTEGRITY Conformant TOEs ensure the integrity of their installation and update packages, and also leverage execution environment-based mitigations. Software is seldom, if ever, shipped without errors. The ability to deploy patches and updates to fielded software with integrity is critical to enterprise network security. Processor manufacturers, compiler developers, execution environment vendors, and operating system vendors have developed execution environment-based mitigations that increase the cost to attackers by adding complexity to the task of compromising systems. Application software can often take advantage of these mechanisms by using APIs provided by the runtime environment or by enabling the mechanism through compiler or linker options. O.MANAGEMENT To facilitate management by users and the enterprise, conformant TOEs provide consistent and supported interfaces for their security-relevant configuration and maintenance. This includes the deployment of applications and application updates through the use of platform-supported deployment mechanisms and formats, as well as providing mechanisms for configuration. This also includes providing control to the user regarding disclosure of any PII. O.PROTECTED_COMMS To address both passive (eavesdropping) and active (packet modification) network attack threats, conformant TOEs will use a trusted channel for sensitive data. Sensitive data includes cryptographic keys, passwords, and any other data specific to the application that should not be exposed outside of the application. O.PROTECTED_STORAGE To address the issue of loss of confidentiality of user data in the event of loss of physical control of the storage medium, conformant TOEs will use data-at-rest protection. This involves encrypting data and keys stored by the TOE in order to prevent unauthorized access to this data. This also includes unnecessary network communications whose consequence may be the loss of data. O.QUALITY To ensure quality of implementation, conformant TOEs leverage services and APIs provided by the runtime environment rather than implementing their own versions of these services and APIs. This is especially important for cryptographic services and other complex operations such as file and media parsing. Leveraging this platform behavior relies upon using only documented and supported APIs. Table 10: TOE Objectives Security Target VMware Workspace ONE Boxer Email Client 15 | P a g e Security Objectives for the Operational Environment The TOE’s operational environment must satisfy the following objectives: Objective Objective Definition OE.PLATFORM The TOE relies upon a trustworthy computing platform for its execution. This includes the underlying operating system and any discrete execution environment provided to the TOE. OE.PROPER_ADMIN The administrator of the application software is not careless, willfully negligent or hostile, and administers the software within compliance of the applied enterprise security policy. OE.PROPER_USER The user of the application software is not willfully negligent or hostile, and uses the software within compliance of the applied enterprise security policy. Table 11: Operational Environment Objectives 4.5 Security Problem Definition Rationale The assumptions, threats, OSPs, and objectives that are defined in this ST represent the assumptions, threats, OSPs, and objectives that are specified in the Protection Profiles to which the TOE claims conformance. The associated mappings of assumptions to environmental objectives, SFRs to TOE objectives, and OSPs and objectives to threats are therefore identical to the mappings that are specified in the claimed Protection Profiles. Security Target VMware Workspace ONE Boxer Email Client 16 | P a g e 5 Extended Components Definition 5.1 Extended Security Functional Requirements The extended Security Functional Requirements that are claimed in this ST are taken directly from the PPs to which the ST and TOE claim conformance. These extended components are formally defined in the PPs in which their usage is required. 5.2 Extended Security Assurance Requirements The extended Security Assurance Requirement that is claimed in this ST is taken directly from the PP to which the ST and TOE claim conformance. This extended component is formally defined in the PP in which its usage is required. Security Target VMware Workspace ONE Boxer Email Client 17 | P a g e 6 Security Functional Requirements 6.1 Conventions The CC permits four functional component operations—assignment, refinement, selection, and iteration—to be performed on functional requirements. This ST will highlight the operations in the following manner: • Assignment: allows the specification of an identified parameter. Indicated with italicized text. • Refinement: allows the addition of details. Indicated with bold text. • Selection: allows the specification of one or more elements from a list. Indicated with underlined text. • Iteration operation: are identified with a number inside parentheses (e.g. "(1)") When multiple operations are combined, such as an assignment that is provided as an option within a selection or refinement, a combination of the text formatting is used. Text that is formatted in a claimed PP, such as if the PP’s instantiation of the SFR has a refinement (bolded font), or a completed assignment (inside brackets), the formatting is not preserved when reproduced in this ST. Only the assignments and selections made by the ST author are within [brackets]. This is so that the reader can easily identify the operations that are performed by the ST author. 6.2 Security Functional Requirements Summary The following tables list the SFRs claimed by the TOE per platform. SFRs that originate from the Application Software Protection Profile are denoted by a [APP_PP], SFRs that originated from the Email Client Extended Package are denoted by [EC_EP]. Class Name Component Identification Component Name Cryptographic Support [APP_PP] FCS_CKM_EXT.1 Cryptographic Key Generation Services [APP_PP] FCS_CKM.1/AK Cryptographic Asymmetric Key Generation [APP_PP] FCS_CKM.2 Cryptographic Key Establishment [EC_EP] FCS_CKM_EXT.3 Protection of Key and Key Material [EC_EP] FCS_CKM_EXT.4 Cryptographic Key Destruction [EC_EP] FCS_CKM_EXT.5 Cryptographic Key Derivation (Password/Passphrase Conditioning) [EC_EP] FCS_COP_EXT.2 (iOS) Key Wrapping [EC_EP] FCS_IVG_EXT.1 Initialization Vector Generation [EC_EP] FCS_KYC_EXT.1 Key Chaining [APP_PP] FCS_RBG_EXT.1 (iOS) Random Bit Generation Services [EC_EP] FCS_SMIME_EXT.1 Secure/Multipurpose Internet Mail Extension (S/MIME) [APP_PP] FCS_STO_EXT.1(1) Storage of Credentials [APP_PP] FCS_STO_EXT.1(2) Storage of Credentials (Revocation) User Data Protection [APP_PP] FDP_DAR_EXT.1 Encryption of Sensitive Application Data [APP_PP] FDP_DEC_EXT.1 (iOS) Access to Platform Resources [APP_PP] FDP_NET_EXT.1 Network Communications [EC_EP] FDP_NOT_EXT.1 Notification of S/MIME Status Security Target VMware Workspace ONE Boxer Email Client 18 | P a g e Class Name Component Identification Component Name [EC_EP] FDP_SMIME_EXT.1 S/MIME Identification and Authentication [APP_PP] FIA_X509_EXT.1 X.509 Authentication and Encryption [APP_PP] FIA_X509_EXT.2 X.509 Authentication and Encryption [EC_EP] FIA_X509_EXT.3 X.509 Authentication and Encryption Security Management [APP_PP] FMT_CFG_EXT.1 Secure by Default Configuration [APP_PP] FMT_MEC_EXT.1 Supported Configuration Mechanism [EC_EP] FMT_MOF_EXT.1 Management of Functions Behavior [APP_PP] FMT_SMF.1 Specification of Management Functions Privacy [APP_PP] FPR_ANO_EXT.1 User Consent for Transmission of Personally Identifiable Information Protection of the TSF [APP_PP] FPT_AEX_EXT.1 Anti-Exploitation Capabilities [EC_EP] FPT_AON_EXT.1 Support for Only Trusted Add-ons [APP_PP] FPT_API_EXT.1 Use of Supported Services and APIs [APP_PP] FPT_IDV_EXT.1 (iOS) Software Identification and Versions [APP_PP] FPT_LIB_EXT.1 Use of Third Party Libraries [APP_PP] FPT_TUD_EXT.1 Integrity for Installation and Update [APP_PP] FPT_TUD_EXT.2 Integrity for Installation and Update Trusted Path/Channels [APP_PP] FTP_DIT_EXT.1 (iOS) Protection of Data in Transit [EC_EP] FTP_ITC_EXT.1 Inter-TSF Trusted Channel Table 12: iOS Security Functional Requirements for the TOE Class Name Component Identification Component Name Cryptographic Support [APP_PP] FCS_CKM_EXT.1 Cryptographic Key Generation Services [APP_PP] FCS_CKM.1/AK Cryptographic Asymmetric Key Generation [APP_PP] FCS_CKM.2 Cryptographic Key Establishment [EC_EP] FCS_CKM_EXT.3 Protection of Key and Key Material [EC_EP] FCS_CKM_EXT.4 Cryptographic Key Destruction [EC_EP] FCS_CKM_EXT.5 Cryptographic Key Derivation (Password/Passphrase Conditioning) [APP_PP] FCS_COP.1/SKC Cryptographic Operation – Encryption/Decryption (Android) [APP_PP] FCS_COP.1/Hash Cryptographic Operation – Hashing (Android) [APP_PP] FCS_COP.1/Sig Cryptographic Operation – Signing (Android) [APP_PP] FCS_COP.1/KeyedHash Cryptographic Operation - Keyed-Hash Message Authentication (Android) [EC_EP] FCS_COP_EXT.2 (Android) Key Wrapping [EC_EP] FCS_IVG_EXT.1 Initialization Vector Generation [EC_EP] FCS_KYC_EXT.1 Key Chaining [APP_PP] FCS_RBG_EXT.1 (Android) Random Bit Generation Services [APP_PP] FCS_RBG_EXT.2 (Android) Random Bit Generation from Application [EC_EP] FCS_SMIME_EXT.1 Secure/Multipurpose Internet Mail Extension (S/MIME) [APP_PP] FCS_STO_EXT.1(1) Storage of Credentials [APP_PP] FCS_STO_EXT.1(2) Storage of Credentials (Revocation) User Data Protection [APP_PP] FDP_DAR_EXT.1 Encryption of Sensitive Application Data [APP_PP] FDP_DEC_EXT.1 (Android) Access to Platform Resources Security Target VMware Workspace ONE Boxer Email Client 19 | P a g e Class Name Component Identification Component Name [APP_PP] FDP_NET_EXT.1 Network Communications [EC_EP] FDP_NOT_EXT.1 Notification of S/MIME Status [EC_EP] FDP_SMIME_EXT.1 S/MIME Identification and Authentication [APP_PP] FIA_X509_EXT.1 X.509 Authentication and Encryption [APP_PP] FIA_X509_EXT.2 X.509 Authentication and Encryption [EC_EP] FIA_X509_EXT.3 X.509 Authentication and Encryption Security Management [APP_PP] FMT_CFG_EXT.1 Secure by Default Configuration [APP_PP] FMT_MEC_EXT.1 Supported Configuration Mechanism [EC_EP] FMT_MOF_EXT.1 Management of Functions Behavior [APP_PP] FMT_SMF.1 Specification of Management Functions Privacy [APP_PP] FPR_ANO_EXT.1 User Consent for Transmission of Personally Identifiable Information Protection of the TSF [APP_PP] FPT_AEX_EXT.1 Anti-Exploitation Capabilities [EC_EP] FPT_AON_EXT.1 Support for Only Trusted Add-ons [APP_PP] FPT_API_EXT.1 Use of Supported Services and APIs [APP_PP] FPT_IDV_EXT.1 (Android) Software Identification and Versions [APP_PP] FPT_LIB_EXT.1 Use of Third Party Libraries [APP_PP] FPT_TUD_EXT.1 Integrity for Installation and Update [APP_PP] FPT_TUD_EXT.2 Integrity for Installation and Update Trusted Path/Channels [APP_PP] FTP_DIT_EXT.1 (Android) Protection of Data in Transit [EC_EP] FTP_ITC_EXT.1 Inter-TSF Trusted Channel Table 13: Android Security Functional Requirements for the TOE Class Name Component Identification Component Name Cryptographic Support [APP_PP] FCS_CKM_EXT.1 Cryptographic Key Generation Services [APP_PP] FCS_CKM.1/AK Cryptographic Asymmetric Key Generation [APP_PP] FCS_CKM.2 Cryptographic Key Establishment [EC_EP] FCS_CKM_EXT.3 Protection of Key and Key Material [EC_EP] FCS_CKM_EXT.4 Cryptographic Key Destruction [EC_EP] FCS_CKM_EXT.5 Cryptographic Key Derivation (Password/Passphrase Conditioning) [EC_EP] FCS_COP_EXT.2 (iPadOS) Key Wrapping [EC_EP] FCS_IVG_EXT.1 Initialization Vector Generation [EC_EP] FCS_KYC_EXT.1 Key Chaining [APP_PP] FCS_RBG_EXT.1 (iPadOS) Random Bit Generation Services [EC_EP] FCS_SMIME_EXT.1 Secure/Multipurpose Internet Mail Extension (S/MIME) [APP_PP] FCS_STO_EXT.1(1) Storage of Credentials [APP_PP] FCS_STO_EXT.1(2) Storage of Credentials (Revocation) User Data Protection [APP_PP] FDP_DAR_EXT.1 Encryption of Sensitive Application Data [APP_PP] FDP_DEC_EXT.1 (iPadOS) Access to Platform Resources [APP_PP] FDP_NET_EXT.1 Network Communications [EC_EP] FDP_NOT_EXT.1 Notification of S/MIME Status [EC_EP] FDP_SMIME_EXT.1 S/MIME Identification and Authentication [APP_PP] FIA_X509_EXT.1 X.509 Authentication and Encryption [APP_PP] FIA_X509_EXT.2 X.509 Authentication and Encryption Security Target VMware Workspace ONE Boxer Email Client 20 | P a g e Class Name Component Identification Component Name [EC_EP] FIA_X509_EXT.3 X.509 Authentication and Encryption Security Management [APP_PP] FMT_CFG_EXT.1 Secure by Default Configuration [APP_PP] FMT_MEC_EXT.1 Supported Configuration Mechanism [EC_EP] FMT_MOF_EXT.1 Management of Functions Behavior [APP_PP] FMT_SMF.1 Specification of Management Functions Privacy [APP_PP] FPR_ANO_EXT.1 User Consent for Transmission of Personally Identifiable Information Protection of the TSF [APP_PP] FPT_AEX_EXT.1 Anti-Exploitation Capabilities [EC_EP] FPT_AON_EXT.1 Support for Only Trusted Add-ons [APP_PP] FPT_API_EXT.1 Use of Supported Services and APIs [APP_PP] FPT_IDV_EXT.1 (iPadOS) Software Identification and Versions [APP_PP] FPT_LIB_EXT.1 Use of Third Party Libraries [APP_PP] FPT_TUD_EXT.1 Integrity for Installation and Update [APP_PP] FPT_TUD_EXT.2 Integrity for Installation and Update Trusted Path/Channels [APP_PP] FTP_DIT_EXT.1 (iPadOS) Protection of Data in Transit [EC_EP] FTP_ITC_EXT.1 Inter-TSF Trusted Channel Table 14: iPadOS Security Functional Requirements for the TOE 6.3 Security Functional Requirements Class FCS: Cryptographic Support [APP_PP] FCS_CKM_EXT.1 Cryptographic Key Generation Services FCS_CKM_EXT.1.11 The application shall [ • invoke platform-provided functionality for asymmetric key generation]. [APP_PP] FCS_CKM.1/AK Cryptographic Asymmetric Key Generation FCS_CKM.1.1/AK2 The application shall [ • invoke platform-provided functionality] to generate asymmetric cryptographic keys in accordance with a specified cryptographic key generation algorithm [ • RSA schemes using cryptographic key sizes of 2048-bit or greater that meet the following: FIPS PUB 186-4, “Digital Signature Standard (DSS)”, Appendix B.3; • ECC schemes using “NIST curves” P-384 and [P-256] that meet the following: FIPS PUB 186-4, “Digital Signature Standard (DSS)”, Appendix B.4 1 TD0717 2 TD0717 Security Target VMware Workspace ONE Boxer Email Client 21 | P a g e ]. [APP_PP] FCS_CKM.2 Cryptographic Key Establishment FCS_CKM.2.1 The application shall [invoke platform-provided functionality] to perform cryptographic key establishment in accordance with a specified cryptographic key establishment method: [ • RSA-based key establishment schemes that meets the following: NIST Special Publication 800-56B, “Recommendation for Pair-Wise Key Establishment Schemes Using Integer Factorization Cryptography”, • Elliptic curve-based key establishment schemes that meets the following: NIST Special Publication 800-56A, “Recommendation for Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography” ]. [EC_EP] FCS_CKM_EXT.3 Protection of Key and Key Material FCS_CKM_EXT.3.1 The email client shall [only store keys in non-volatile memory when wrapped as specified in FCS_COP_EXT.2 unless the key meets any one of following criteria: [ The plaintext key is the public portion of the key pair ]]. [EC_EP] FCS_CKM_EXT.4 Cryptographic Key Destruction FCS_CKM_EXT.4.13 The email client shall [ • invoke platform-provided key destruction, • implement key destruction using [ o For volatile memory, the erasure shall be executed by a single direct overwrite [ ▪ consisting of zeroes] o For nonvolatile storage, the erasure shall be executed by [ ▪ single] overwrite of key data storage location consisting of [ • a static pattern]] ] that meet the following: [ • NIST SP800-88] 3 TD0352 Security Target VMware Workspace ONE Boxer Email Client 22 | P a g e for destroying all keying material and cryptographic security parameters when no longer needed. [EC_EP] FCS_CKM_EXT.5 Cryptographic Key Derivation (Password/Passphrase Conditioning) FCS_CKM_EXT.5.14 The TSF shall support a password/passphrase of up to [512] characters used to generate a password authorization factor. FCS_CKM_EXT.5.25 The TSF shall allow passwords to be composed of any combination of upper case characters, lower case characters, numbers, and the following special characters: "!", "@", "#", "$", "%", "^", "&", "*", "(", and ")", and [no other characters]. FCS_CKM_EXT.5.36 The TSF shall perform Password-based Key Derivation Functions in accordance with a specified cryptographic algorithm HMAC- [SHA-256], with [10k for iOS and iPadOS, 20k for Android] iterations, and output cryptographic key sizes [256] bits that meet the following: NIST SP 800-132. FCS_CKM_EXT.5.47 The TSF shall not accept passwords less than [a value settable by the administrator] and greater than the maximum password length defined in FCS_CKM_EXT.5.1. [APP_PP] FCS_COP.1/SKC Cryptographic Operation – Encryption/Decryption (Android) FCS_COP.1.1/SKC8 The application shall perform encryption/decryption in accordance with a specified cryptographic algorithm [ • AES-CBC (as defined in NIST SP 800-38A) mode • AES-CTR (as defined in NIST SP 800-38A) mode ] and cryptographic key sizes [128-bit, 256-bit]. [APP_PP] FCS_COP.1/Hash Cryptographic Operation – Hashing (Android) FCS_COP.1.1/Hash9 The application shall perform cryptographic hashing services in accordance with a specified cryptographic algorithm [ 4 TD0266 5 TD0266 6 TD0266 7 TD0266 8 TD0717 9 TD0717 Security Target VMware Workspace ONE Boxer Email Client 23 | P a g e • SHA-256, • SHA-384, • SHA-512] and message digest sizes [ • 256, • 384, • 512] bits that meet the following: FIPS Pub 180-4. [APP_PP] FCS_COP.1/Sig Cryptographic Operation – Signing (Android) FCS_COP.1.1/Sig10 The application shall perform cryptographic signature services (generation and verification) in accordance with a specified cryptographic algorithm [ • RSA schemes using cryptographic key sizes of 2048-bit or greater that meet the following: FIPS PUB 186-4, “Digital Signature Standard (DSS)”, Section 5 ]. [APP_PP] FCS_COP.1/KeyedHash Cryptographic Operation - Keyed-Hash Message Authentication (Android) FCS_COP.1.1/KeyedHash11 The application shall perform keyed-hash message authentication in accordance with a specified cryptographic algorithm [ • HMAC-SHA-256] and [ • no other algorithms] with key sizes [256 bits] and message digest sizes [256] and [no other size] bits that meet the following: FIPS Pub 198-1 The Keyed-Hash Message Authentication Code and FIPS Pub 180-4 Secure Hash Standard. [EC_EP] FCS_COP_EXT.2 (iOS) Key Wrapping FCS_COP_EXT.2.1(iOS) The email client shall [use platform-provided functionality to perform Key Wrapping] in accordance with a specified cryptographic algorithm 10 TD0717 11 TD0717 Security Target VMware Workspace ONE Boxer Email Client 24 | P a g e [AES Key Wrap] and the cryptographic key size [256 bits (AES)] that meet the following: ["NIST SP 800-38F" for Key Wrap (section 6.2) and Key Wrap with Padding (section 6.3)]. [EC_EP] FCS_COP_EXT.2 (Android) Key Wrapping FCS_COP_EXT.2.1(Android) The email client shall [implement functionality to perform Key Wrapping] in accordance with a specified cryptographic algorithm [AES Key Wrap] and the cryptographic key size [256 bits (AES)] that meet the following: ["NIST SP 800-38F" for Key Wrap (section 6.2) and Key Wrap with Padding (section 6.3)]. [EC_EP] FCS_COP_EXT.2 (iPadOS) Key Wrapping FCS_COP_EXT.2.1(iPadOS) The email client shall [use platform-provided functionality to perform Key Wrapping] in accordance with a specified cryptographic algorithm [AES Key Wrap] and the cryptographic key size [256 bits (AES)] that meet the following: ["NIST SP 800-38F" for Key Wrap (section 6.2) and Key Wrap with Padding (section 6.3)]. [EC_EP] FCS_IVG_EXT.1 Initialization Vector Generation FCS_IVG_EXT.1.1 The email client shall create IVs in the following manner: [CBC: IVs shall be non-repeating]. [EC_EP] FCS_KYC_EXT.1 Key Chaining FCS_KYC_EXT.1.1 Security Target VMware Workspace ONE Boxer Email Client 25 | P a g e The email client shall maintain a key chain of: [intermediate keys originating from: [a password as specified in FCS_CKM_EXT.5.1]] to the data encryption/decryption key(s) using the following method(s): [implement Key Wrapping as specified in FCS_COP_EXT.2] while maintaining an effective strength of [256 bits]. [APP_PP] FCS_RBG_EXT.1 (iOS) Random Bit Generation Services FCS_RBG_EXT.1.1(iOS) The application shall [invoke platform-provided DRBG functionality] for its cryptographic operations. [APP_PP] FCS_RBG_EXT.1 (Android) Random Bit Generation Services FCS_RBG_EXT.1.1(Android) The application shall [invoke platform-provided DRBG functionality, implement DRBG functionality] for its cryptographic operations. [APP_PP] FCS_RBG_EXT.1 (iPadOS) Random Bit Generation Services FCS_RBG_EXT.1.1(iPadOS) The application shall [invoke platform-provided DRBG functionality] for its cryptographic operations. [APP_PP] FCS_RBG_EXT.2 (Android) Random Bit Generation from Application FCS_RBG_EXT.2.1 The application shall perform all deterministic random bit generation (DRBG) services in accordance with NIST Special Publication 800-90A using [CTR_DRBG (AES)]. FCS_RBG_EXT.2.2 The deterministic RBG shall be seeded by an entropy source that accumulates entropy from a platform-based DRBG and [ • no other noise source] with a minimum of [ • 256 bits] of entropy at least equal to the greatest security strength (according to NIST SP 800-57) of the keys and hashes that it will generate. Security Target VMware Workspace ONE Boxer Email Client 26 | P a g e [EC_EP] FCS_SMIME_EXT.1 Secure/Multipurpose Internet Mail Extension (S/MIME) FCS_SMIME_EXT.1.112 The email client shall implement both a sending and receiving S/MIME v4.0 Agent as defined in RFC 8551, using CMS as defined in RFCs 5652, 5754, and 3565. FCS_SMIME_EXT.1.213 The email client shall transmit the ContentEncryptionAlgorithmIdentifier for AES-128 CBC, AES- 256 CBC and [no other] as part of the S/MIME protocol. FCS_SMIME_EXT.1.3 The email client shall present the digestAlgorithm field with the following Message Digest Algorithm identifiers [id-sha256, id-sha384, id-sha512] and no others as part of the S/MIME protocol. FCS_SMIME_EXT.1.414 The email client shall present the signatureAlgorithm field with the following sha256withRSAEncryption and [no other algorithms] as part of the S/MIME protocol. FCS_SMIME_EXT.1.5 The email client shall support use of different private keys (and associated certificates) for signature and for encryption as part of the S/MIME protocol. FCS_SMIME_EXT.1.6 The email client shall only accept a signature from a certificate with the digitalSignature bit set as part of the S/MIME protocol. FCS_SMIME_EXT.1.7 The email client shall implement mechanisms to retrieve certificates and certificate revocation information [[at a frequency equal to the value received from OCSP responder or an administratively set value which overrides the value from OCSP responder]] as part of the S/MIME protocol. [APP_PP] FCS_STO_EXT.1(1) Storage of Credentials FCS_STO_EXT.1.1(1) The application shall [ • invoke the functionality provided by the platform to securely store [Android credentials defined in Table 17, iOS/iPadOS credentials defined in Table 18], • implement functionality to securely store [Android credentials defined in Table 17] according to [FCS_COP.1/SKC] ] to nonvolatile memory. 12 TD0560 13 TD0560 14 TD0560 Security Target VMware Workspace ONE Boxer Email Client 27 | P a g e [APP_PP] FCS_STO_EXT.1(2) Storage of Credentials (Revocation) FCS_STO_EXT.1.1(2) The application shall [ • invoke the functionality provided by the platform to securely store [iOS platform S/MIME revocation status information, iPadOS platform S/MIME revocation status information], • implement functionality to securely store [Android platform S/MIME revocation status information] according to [FCS_COP.1/SKC] ] to nonvolatile memory. Class FDP: User Data Protection [APP_PP] FDP_DAR_EXT.1 Encryption of Sensitive Application Data FDP_DAR_EXT.1.1 The application shall [ • leverage platform-provided functionality to encrypt sensitive data, • protect sensitive data in accordance with FCS_STO_EXT.1] in non-volatile memory. [APP_PP] FDP_DEC_EXT.1 (iOS) Access to Platform Resources FDP_DEC_EXT.1.1(iOS) The application shall restrict its access to [ • network connectivity, • camera, • [device storage, phone, and touch/face ID]]. FDP_DEC_EXT.1.2(iOS) The application shall restrict its access to [ • address book, • calendar]. [APP_PP] FDP_DEC_EXT.1 (Android) Access to Platform Resources FDP_DEC_EXT.1.1(Android) The application shall restrict its access to [ • network connectivity, • camera, • NFC, • [device storage, phone, fingerprint, and vibrator]]. Security Target VMware Workspace ONE Boxer Email Client 28 | P a g e FDP_DEC_EXT.1.2(Android) The application shall restrict its access to [ • address book, • calendar • [accounts, profile]]. [APP_PP] FDP_DEC_EXT.1 (iPadOS) Access to Platform Resources FDP_DEC_EXT.1.1(iPadOS) The application shall restrict its access to [ • network connectivity, • camera, • [device storage, phone, and touch/face ID]]. FDP_DEC_EXT.1.2(iPadOS) The application shall restrict its access to [ • address book, • calendar]. [APP_PP] FDP_NET_EXT.1 Network Communications FDP_NET_EXT.1.1 The application shall restrict network communication to [ • user-initiated communication for [sending email, forcing sync (calendar, address book, email), Global Address List (GAL) lookup, email search], • [application initiated actions: ActiveSync (calendar, address book, email), OCSP for S/MIME revocation checking, Version Information Check ] ]. [EC_EP] FDP_NOT_EXT.1 Notification of S/MIME Status FDP_NOT_EXT.1.1 The email client shall display a notification of the S/MIME status of received emails upon viewing. [EC_EP] FDP_SMIME_EXT.1 S/MIME FDP_SMIME_EXT.1.1 The email client shall use S/MIME to sign, verify, encrypt, and decrypt mail. Security Target VMware Workspace ONE Boxer Email Client 29 | P a g e Class FIA: Identification and Authentication [APP_PP] FIA_X509_EXT.1 X.509 Certificate Validation FIA_X509_EXT.1.1 The application shall [invoke platform-provided functionality] to validate certificates in accordance with the following rules: • RFC 5280 certificate validation and certificate path validation • The certificate path must terminate with a trusted CA certificate • The application shall validate a certificate path by ensuring the presence of the basicConstraints extension, that the CA flag is set to TRUE for all CA certificates, and that any path constraints are met • The application shall validate that any CA certificate includes caSigning purpose in the key usage field • The application shall validate the revocation status of the certificate using [OCSP as specified in RFC 6960] • The application shall validate the extendedKeyUsage (EKU) field according to the following rules: o Certificates used for trusted updates and executable code integrity verification shall have the Code Signing Purpose (id-kp 3 with OID 1.3.6.1.5.5.7.3.3) in the extendedKeyUsage field. o Server certificates presented for TLS shall have the Server Authentication purpose (id-kp 1 with OID 1.3.6.1.5.5.7.3.1) in the EKU field. o Client certificates presented for TLS shall have the Client Authentication purpose (id-kp 2 with OID 1.3.6.1.5.5.7.3.2) in the EKU field. o S/MIME certificates presented for email encryption and signature shall have the Email Protection purpose (id-kp 4 with OID 1.3.6.1.5.5.7.3.4) in the EKU field. o OCSP certificates presented for OCSP responses shall have the OCSP Signing purpose (id-kp 9 with OID 1.3.6.1.5.5.7.3.9) in the EKU field. o Server certificates presented for EST shall have the CMC Registration Authority (RA) purpose (id-kp-cmcRA with OID 1.3.6.1.5.5.7.3.28) in the EKU field. FIA_X509_EXT.1.2 The application shall only treat a certificate as a CA certificate if the basicConstraints extension is present and the CA flag is set to TRUE. [APP_PP] FIA_X509_EXT.2 X.509 Certificate Authentication FIA_X509_EXT.2.1 The application shall use X.509v3 certificates as defined by RFC 5280 to support authentication for [TLS]. FIA_X509_EXT.2.2 When the application cannot establish a connection to determine the validity of a certificate, the application shall [allow the administrator to choose whether to accept the certificate in these cases]. Security Target VMware Workspace ONE Boxer Email Client 30 | P a g e [EC_EP] FIA_X509_EXT.3 X.509 Authentication and Encryption FIA_X509_EXT.3.1 The email client shall use X.509v3 certificates as defined by RFC 5280 to support encryption and authentication for S/MIME. FIA_X509_EXT.3.2 The email client shall prevent the establishment of a trusted communication channel when the peer certificate is deemed invalid. FIA_X509_EXT.3.3 The email client shall prevent the installation of code if the code signing certificate is deemed invalid. FIA_X509_EXT.3.4 The email client shall prevent the encryption of email if the email protection certificate is deemed invalid. FIA_X509_EXT.3.5 The email client shall prevent the signing of email if the email protection certificate is deemed invalid. Class FMT: Security Management [APP_PP] FMT_CFG_EXT.1 Secure by Default Configuration FMT_CFG_EXT.1.1 The application shall provide only enough functionality to set new credentials when configured with default credentials or no credentials. FMT_CFG_EXT.1.2 The application shall be configured by default with file permissions which protect the application binaries and data files from modification by normal unprivileged users. [APP_PP] FMT_MEC_EXT.1 Supported Configuration Mechanism FMT_MEC_EXT.1.1 The application shall [ • invoke the mechanisms recommended by the platform vendor for storing and setting configuration options]. [EC_EP] FMT_MOF_EXT.1 Management of Functions Behavior FMT_MOF_EXT.1.1 Security Target VMware Workspace ONE Boxer Email Client 31 | P a g e The email client shall be capable of performing the following management functions, controlled by the user or administrator as shown: X: Mandatory O: Optional Management Function Administrator User Enable/disable plaintext only mode globally and by [no other method] O Configure message sending/receiving to only use cryptographic algorithms defined in FCS_SMIME_EXT.1 O Change password/passphrase authentication credential O Configure cryptographic functionality O [Configure Password Complexity Policy: Length O Configure OCSP retrieval frequency] O [APP_PP] FMT_SMF.1 Specification of Management Functions FMT_SMF.1.1 The TSF shall be capable of performing the following management functions [ • [Change password/passphrase authentication credential] ]. Class FPR: Privacy [APP_PP] FPR_ANO_EXT.1 User Consent for Transmission of Personally Identifiable Information FPR_ANO_EXT.1.1 The application shall [ • not transmit PII over a network]. Class FPT: Protection of the TSF [APP_PP] FPT_AEX_EXT.1 Anti-Exploitation Capabilities FPT_AEX_EXT.1.1 The application shall not request to map memory at an explicit address except for [the designated use of mmap for the use of "reallocating" memory to expand the Boxer database file map]. FPT_AEX_EXT.1.2 The application shall [ • not allocate any memory region with both write and execute permissions]. Security Target VMware Workspace ONE Boxer Email Client 32 | P a g e FPT_AEX_EXT.1.3 The application shall be compatible with security features provided by the platform vendor. FPT_AEX_EXT.1.4 The application shall not write user-modifiable files to directories that contain executable files unless explicitly directed by the user to do so. FPT_AEX_EXT.1.5 The application shall be built with stack-based buffer overflow protection enabled. [EC_EP] FPT_AON_EXT.1 Support for Only Trusted Add-ons FPT_AON_EXT.1.1 The email client shall include the capability to load [no add-ons]. [APP_PP] FPT_API_EXT.1 Use of Supported Services and APIs FPT_API_EXT.1.1 The application shall use only documented platform APIs. [APP_PP] FPT_IDV_EXT.1 (iOS) Software Identification and Versions FPT_IDV_EXT.1.1(iOS) The application shall be versioned with [[(YY.MM.PP) last two digits of year, two-digit numerical representation of the month of the package release date, patch under minor version]]. [APP_PP] FPT_IDV_EXT.1 (Android) Software Identification and Versions FPT_IDV_EXT.1.1(Android) The application shall be versioned with [[(YY.MM.PP.BB) last two digits of year, two-digit numerical representation of the month of the package release date, patch under minor version, and build number]]. [APP_PP] FPT_IDV_EXT.1 (iPadOS) Software Identification and Versions FPT_IDV_EXT.1.1(iPadOS) The application shall be versioned with [[(YY.MM.PP) last two digits of year, two-digit numerical representation of the month of the package release date, patch under minor version]]. [APP_PP] FPT_LIB_EXT.1 Use of Third Party Libraries FPT_LIB_EXT.1.1 The application shall be packaged with only [see Android, iOS, and iPadOS list details in Section 8.6.5]. Security Target VMware Workspace ONE Boxer Email Client 33 | P a g e [APP_PP] FPT_TUD_EXT.1 Integrity for Installation and Update FPT_TUD_EXT.1.1 The application shall [provide the ability, leverage the platform] to check for updates and patches to the application software. FPT_TUD_EXT.1.2 The application shall [provide the ability] to query the current version of the application software. FPT_TUD_EXT.1.3 The application shall not download, modify, replace or update its own binary code. FPT_TUD_EXT.1.4 Application updates shall be digitally signed such that the application platform can cryptographically verify them prior to installation. FPT_TUD_EXT.1.5 The application is distributed [as an additional software package to the platform OS]. [APP_PP] FPT_TUD_EXT.2 Integrity for Installation and Update FPT_TUD_EXT.2.115 The application shall be distributed using [the format of the platform-supported package manager]. FPT_TUD_EXT.2.2 The application shall be packaged such that its removal results in the deletion of all traces of the application, with the exception of configuration settings, output files, and audit/log events. FPT_TUD_EXT.2.3 The application installation package shall be digitally signed such that its platform can cryptographically verify them prior to installation. Class FTP: Trusted Path/Channels [APP_PP] FTP_DIT_EXT.1 (iOS) Protection of Data in Transit FTP_DIT_EXT.1.1(iOS)16 The application shall [invoke platform-provided functionality to encrypt all transmitted sensitive data with [TLS] for [sending and receiving emails]] between itself and another trusted IT product. 15 TD0628 16 TD0743 Security Target VMware Workspace ONE Boxer Email Client 34 | P a g e [APP_PP] FTP_DIT_EXT.1 (Android) Protection of Data in Transit FTP_DIT_EXT.1.1(Android)17 The application shall [invoke platform-provided functionality to encrypt all transmitted data with [TLS] for [sending and receiving emails]] between itself and another trusted IT product. [APP_PP] FTP_DIT_EXT.1 (iPadOS) Protection of Data in Transit FTP_DIT_EXT.1.1(iPadOS)18 The application shall [invoke platform-provided functionality to encrypt all transmitted sensitive data with [TLS] for [sending and receiving emails]] between itself and another trusted IT product. If [EC_EP] FTP_ITC_EXT.1 Inter-TSF Trusted Channel FTP_ITC_EXT.1.1 The email client shall initiate or receive communication via the trusted channel. FTP_ITC_EXT.1.2 The email client shall communicate via the trusted channel for [ActiveSync]. 6.4 Statement of Security Functional Requirements Consistency The Security Functional Requirements included in the ST represent all required SFRs specified in the PPs against which exact conformance is claimed a subset of the optional SFRs. All hierarchical relationships, dependencies, and unfulfilled dependency rationales in the ST are considered to be identical to those that are defined in the claimed PP. 17 TD0743 18 TD0743 Security Target VMware Workspace ONE Boxer Email Client 35 | P a g e 7 Security Assurance Requirements This section identifies the Security Assurance Requirements (SARs) that are claimed for the TOE. The SARs which are claimed are in exact conformance with the [APP_PP] and [EC_EP]. 7.1 Class ASE: Security Target ST introduction (ASE_INT.1) Developer action elements: ASE_INT.1.1D The developer shall provide an ST introduction. Content and presentation elements: ASE_INT.1.1C The ST introduction shall contain an ST reference, a TOE reference, a TOE overview and a TOE description. ASE_INT.1.2C The ST reference shall uniquely identify the ST. ASE_INT.1.3C The TOE reference shall uniquely identify the TOE. ASE_INT.1.4C The TOE overview shall summarize the usage and major security features of the TOE. ASE_INT.1.5C The TOE overview shall identify the TOE type. ASE_INT.1.6C The TOE overview shall identify any non-TOE hardware/software/firmware required by the TOE. ASE_INT.1.7C The TOE description shall describe the physical scope of the TOE. ASE_INT.1.8C The TOE description shall describe the logical scope of the TOE. Evaluator action elements: ASE_INT.1.1E The evaluator shall confirm that the information provided meets all requirements for content and presentation of evidence. Security Target VMware Workspace ONE Boxer Email Client 36 | P a g e ASE_INT.1.2E The evaluator shall confirm that the TOE reference, the TOE overview, and the TOE description are consistent with each other. Conformance claims (ASE_CCL.1) Developer action elements: ASE_CCL.1.1D The developer shall provide a conformance claim. ASE_CCL.1.2D The developer shall provide a conformance claim rationale Content and presentation elements: ASE_CCL.1.1C The conformance claim shall contain a CC conformance claim that identifies the version of the CC to which the ST and the TOE claim conformance. ASE_CCL.1.2C The CC conformance claim shall describe the conformance of the ST to CC Part 2 as either CC Part 2 conformant or CC Part 2 extended. ASE_CCL.1.3C The CC conformance claim shall describe the conformance of the ST to CC Part 3 as either CC Part 3 conformant or CC Part 3 extended. ASE_CCL.1.4C The CC conformance claim shall be consistent with the extended components definition. ASE_CCL.1.5C The conformance claim shall identify all PPs and security requirement packages to which the ST claims conformance. ASE_CCL.1.6C The conformance claim shall describe any conformance of the ST to a package as either package- conformant or package-augmented. ASE_CCL.1.7C The conformance claim rationale shall demonstrate that the TOE type is consistent with the TOE type in the PPs for which conformance is being claimed. ASE_CCL.1.8C Security Target VMware Workspace ONE Boxer Email Client 37 | P a g e The conformance claim rationale shall demonstrate that the statement of the security problem definition is consistent with the statement of the security problem definition in the PPs for which conformance is being claimed. ASE_CCL.1.9C The conformance claim rationale shall demonstrate that the statement of security objectives is consistent with the statement of security objectives in the PPs for which conformance is being claimed. ASE_CCL.1.10C The conformance claim rationale shall demonstrate that the statement of security requirements is consistent with the statement of security requirements in the PPs for which conformance is being claimed. Evaluator action elements: ASE_CCL.1.1E The evaluator shall confirm that the information provided meets all requirements for content and presentation of evidence. Security problem definition (ASE_SPD) Developer action elements: ASE_SPD.1.1D The developer shall provide a security problem definition. Content and presentation elements: ASE_SPD.1.1C The security problem definition shall describe the threats. ASE_SPD.1.2C All threats shall be described in terms of a threat agent, an asset, and an adverse action. ASE_SPD.1.3C The security problem definition shall describe the OSPs. ASE_SPD.1.4C The security problem definition shall describe the assumptions about the operational environment of the TOE. Evaluator action elements: ASE_SPD.1.1E Security Target VMware Workspace ONE Boxer Email Client 38 | P a g e The evaluator shall confirm that the information provided meets all requirements for content and presentation of evidence. Security objectives for the operational environment (ASE_OBJ.1) Developer action elements: ASE_OBJ.1.1D The developer shall provide a statement of security objectives. Content and presentation elements: ASE_OBJ.1.1C The statement of security objectives shall describe the security objectives for the operational environment. Evaluator action elements: ASE_OBJ.1.1E The evaluator shall confirm that the information provided meets all requirements for content and presentation of evidence. Extended components definition (ASE_ECD.1) Developer action elements: ASE_ECD.1.1D The developer shall provide a statement of security requirements. ASE_ECD.1.2D The developer shall provide an extended components definition. Content and presentation elements: ASE_ECD.1.1C The statement of security requirements shall identify all extended security requirements. ASE_ECD.1.2C The extended components definition shall define an extended component for each extended security requirement. ASE_ECD.1.3C The extended components definition shall describe how each extended component is related to the existing CC components, families, and classes. ASE_ECD.1.4C Security Target VMware Workspace ONE Boxer Email Client 39 | P a g e The extended components definition shall use the existing CC components, families, classes, and methodology as a model for presentation. ASE_ECD.1.5C The extended components shall consist of measurable and objective elements such that conformance or nonconformance to these elements can be demonstrated. Evaluator action elements: ASE_ECD.1.1E The evaluator shall confirm that the information provided meets all requirements for content and presentation of evidence. ASE_ECD.1.2E The evaluator shall confirm that no extended component can be clearly expressed using existing components. Stated security requirements (ASE_REQ.1) Developer action elements: ASE_REQ.1.1D The developer shall provide a statement of security requirements. ASE_REQ.1.2D The developer shall provide a security requirements rationale. Content and presentation elements: ASE_REQ.1.1C The statement of security requirements shall describe the SFRs and the SARs. ASE_REQ.1.2C All subjects, objects, operations, security attributes, external entities and other terms that are used in the SFRs and the SARs shall be defined. ASE_REQ.1.3C The statement of security requirements shall identify all operations on the security requirements. ASE_REQ.1.4C All operations shall be performed correctly. ASE_REQ.1.5C Each dependency of the security requirements shall either be satisfied, or the security requirements rationale shall justify the dependency not being satisfied. Security Target VMware Workspace ONE Boxer Email Client 40 | P a g e ASE_REQ.1.6C The statement of security requirements shall be internally consistent. Evaluator action elements: ASE_REQ.1.1E The evaluator shall confirm that the information provided meets all requirements for content and presentation of evidence. TOE summary specification (ASE_TSS.1) Developer action elements: ASE_TSS.1.1D The developer shall provide a TOE summary specification. Content and presentation elements: ASE_TSS.1.1C The TOE summary specification shall describe how the TOE meets each SFR. In the case of entropy analysis, the TSS is used in conjunction with required supplementary information on Entropy. Evaluator action elements: ASE_TSS.1.1E The evaluator shall confirm that the information provided meets all requirements for content and presentation of evidence. ASE_TSS.1.2E The evaluator shall confirm that the TOE summary specification is consistent with the TOE overview and the TOE description. 7.2 Class ADV: Development Basic Functional Specification (ADV_FSP.1) Developer action elements: ADV_FSP.1.1D The developer shall provide a functional specification. ADV_FSP.1.2D The developer shall provide a tracing from the functional specification to the SFRs. Security Target VMware Workspace ONE Boxer Email Client 41 | P a g e Content and presentation elements: ADV_FSP.1.1C The functional specification shall describe the purpose and method of use for each SFR-enforcing and SFR-supporting TSFI. ADV_FSP.1.2C The functional specification shall identify all parameters associated with each SFR-enforcing and SFR-supporting TSFI. ADV_FSP.1.3C The functional specification shall provide rationale for the implicit categorization of interfaces as SFR-non-interfering. ADV_FSP.1.4C The tracing shall demonstrate that the SFRs trace to TSFIs in the functional specification. Evaluator action elements: ADV_ FSP.1.1E The evaluator shall confirm that the information provided meets all requirements for content and presentation of evidence. ADV_ FSP.1.2E The evaluator shall determine that the functional specification is an accurate and complete instantiation of the SFRs. 7.3 Class AGD: Guidance Documentation Operational User Guidance (AGD_OPE.1) Developer action elements: AGD_OPE.1.1D The developer shall provide operational user guidance. Content and presentation elements: AGD_OPE.1.1C The operational user guidance shall describe, for each user role, the user-accessible functions and privileges that should be controlled in a secure processing environment, including appropriate warnings. AGD_OPE.1.2C Security Target VMware Workspace ONE Boxer Email Client 42 | P a g e The operational user guidance shall describe, for each user role, how to use the available interfaces provided by the TOE in a secure manner. AGD_OPE.1.3C The operational user guidance shall describe, for each user role, the available functions and interfaces, in particular all security parameters under the control of the user, indicating secure values as appropriate. AGD_OPE.1.4C The operational user guidance shall, for each user role, clearly present each type of security-relevant event relative to the user-accessible functions that need to be performed, including changing the security characteristics of entities under the control of the TSF. AGD_OPE.1.5C The operational user guidance shall identify all possible modes of operation of the TOE (including operation following failure or operational error), their consequences, and implications for maintaining secure operation. AGD_OPE.1.6C The operational user guidance shall, for each user role, describe the security measures to be followed in order to fulfill the security objectives for the operational environment as described in the ST. AGD_OPE.1.7C The operational user guidance shall be clear and reasonable. Evaluator action elements: AGD_OPE.1.1E The evaluator shall confirm that the information provided meets all requirements for content and presentation of evidence. Preparative Procedures (AGD_PRE.1) Developer action elements: AGD_PRE.1.1D The developer shall provide the TOE, including its preparative procedures. Content and presentation elements: AGD_ PRE.1.1C The preparative procedures shall describe all the steps necessary for secure acceptance of the delivered TOE in accordance with the developer's delivery procedures. AGD_ PRE.1.2C Security Target VMware Workspace ONE Boxer Email Client 43 | P a g e The preparative procedures shall describe all the steps necessary for secure installation of the TOE and for the secure preparation of the operational environment in accordance with the security objectives for the operational environment as described in the ST. Evaluator action elements: AGD_ PRE.1.1E The evaluator shall confirm that the information provided meets all requirements for content and presentation of evidence. AGD_ PRE.1.2E The evaluator shall apply the preparative procedures to confirm that the TOE can be prepared securely for operation. 7.4 Class ALC: Life Cycle Support Labeling of the TOE (ALC_CMC.1) Developer action elements: ALC_CMC.1.1D The developer shall provide the TOE and a reference for the TOE. Content and presentation elements: ALC_CMC.1.1C The application shall be labeled with a unique reference. Evaluator action elements: ALC_CMC.1.1E The evaluator shall confirm that the information provided meets all requirements for content and presentation of evidence. TOE CM Coverage (ALC_CMS.1) Developer action elements: ALC_CMS.1.1D The developer shall provide a configuration list for the TOE. Content and presentation elements: ALC_CMS.1.1C Security Target VMware Workspace ONE Boxer Email Client 44 | P a g e The configuration list shall include the following: the TOE itself; and the evaluation evidence required by the SARs. ALC_CMS.1.2C The configuration list shall uniquely identify the configuration items. Evaluator action elements: ALC_CMS.1.1E The evaluator shall confirm that the information provided meets all requirements for content and presentation of evidence. Timely Security Updates (ALC_TSU_EXT.1) Developer Actions Element: ALC_TSU_EXT.1.1D The developer shall provide a description in the TSS of how timely security updates are made to the TOE. ALC_TSU_EXT.1.2D The developer shall provide a description in the TSS of how users are notified when updates change security properties or the configuration of the product. Content and presentation elements: ALC_TSU_EXT.1.1C The description shall include the process for creating and deploying security updates for the TOE software. ALC_TSU_EXT.1.2C The description shall express the time window as the length of time, in days, between public disclosure of a vulnerability and the public availability of security updates to the TOE. ALC_TSU_EXT.1.3C The description shall include the mechanisms publicly available for reporting security issues pertaining to the TOE. Evaluator action elements: ALC_TSU_EXT.1.1E The evaluator shall confirm that the information provided meets all requirements for content and presentation of evidence. Security Target VMware Workspace ONE Boxer Email Client 45 | P a g e 7.5 Class ATE: Tests Independent Testing - Conformance (ATE_IND.1) Developer action elements: ATE_IND.1.1D The developer shall provide the TOE for testing. Content and presentation elements: ATE_IND.1.1C The TOE shall be suitable for testing. Evaluator action elements: ATE_IND.1.1E The evaluator shall confirm that the information provided meets all requirements for content and presentation of evidence. ATE_IND.1.2E The evaluator shall test a subset of the TSF to confirm that the TSF operates as specified. 7.6 Class AVA: Vulnerability Assessment Vulnerability Survey (AVA_VAN.1) Developer action elements: AVA_VAN.1.1D The developer shall provide the TOE for testing. Content and presentation elements: AVA_VAN.1.1C The application shall be suitable for testing. Evaluator action elements: AVA_VAN.1.1E The evaluator shall confirm that the information provided meets all requirements for content and presentation of evidence. AVA_VAN.1.2E Security Target VMware Workspace ONE Boxer Email Client 46 | P a g e The evaluator shall perform a search of public domain sources to identify potential vulnerabilities in the TOE. AVA_VAN.1.3E The evaluator shall conduct penetration testing, based on the identified potential vulnerabilities, to determine that the TOE is resistant to attacks performed by an attacker possessing Basic attack potential. Security Target VMware Workspace ONE Boxer Email Client 47 | P a g e 8 TOE Summary Specification The following sections identify the security functions of the TOE and describe how the TSF meets each claimed SFR. They include Cryptographic Support, User Data Protection, Identification and Authentication, Security Management, Privacy, Protection of the TSF, and Trusted Path/Channels. 8.1 Cryptographic Support [iOS] TLS communication and S/MIME cryptographic services for Boxer application installed on an iPhone device are provided by the underlying platform. The specific cryptographic implementation for the iOS platform can be found in the Apple iOS 16 Security Target documentation (VID11349). [iPadOS] TLS communication and S/MIME cryptographic services for Boxer application installed on an iPad device are provided by the underlying platform. The specific cryptographic implementation for the iPadOS platform can be found in the Apple iPadOS 16 Security Target documentation (VID11350). [Android] TLS communication cryptographic services for the Boxer application installed on a Samsung Galaxy device is provided by the underlying platform. The specific cryptographic implementation for the Android platform can be found in the Samsung Android 13 Security Target documentation (VID11342). Additionally, when Boxer is installed on a device running the Android OS 13, the application includes OpenSSL software library 3.0 to perform the cryptographic services for S/MIME functionality. The CAVP certificates for Boxer’s OpenSSL Android implementation are specified in Table 15. Table 15: CAVP Certificates for Boxer’s OpenSSL Implementation on Android OpenSSL Algorithm for S/MIME SFR Operational Environment Consolidated CAVP Cert. # FCS_COP.1/KeyedHash FCS_CKM_EXT.5.3, HMAC-SHA-256, 256-bit key size Android 13 on Qualcomm Qualcomm SM7325 Snapdragon 778G A5072 FCS_COP.1/SKC FCS_SMIME_EXT.1.2, AES-128-CBC and AES-256-CBC A5072 FCS_COP.1/SKC Encryption of Boxer specific database used in support of FCS_STO_EXT.1(1) & (2) storage of specific keys. AES-256-CBC A5072 FCS_COP.1/Hash FCS_SMIME_EXT.1.3, SHA-256, SHA-384, SHA-512 A5072 FCS_COP.1/Sig FCS_SMIME_EXT.1.4, RSA (2048, SHA- 256) A5072 FCS_RBG_EXT.2.1 (Android) per FCS_RBG_EXT.1.1 (Android) DRBG CTR (AES- 256) A5072 FCS_RBG_EXT.2.1 (Android) per FCS_RBG_EXT.1.1 (Android) FCS_COP.1/SKC AES-256-CTR A5072 Security Target VMware Workspace ONE Boxer Email Client 48 | P a g e Below is a table that references which cryptographic library is responsible for performing the cryptographic function (SFR) per Android, iOS, and iPadOS platform. SFR Cryptographic Function iOS Platform iPadOS Android Platform Platform OpenSSL [APP_PP] FCS_CKM_EXT.1 Cryptographic Key Generation Services X X X N/A [APP_PP] FCS_CKM.1/AK Cryptographic Key Establishment X X X N/A [APP_PP] FCS_CKM.2 Cryptographic Key Establishment X X X N/A [APP_PP] FCS_COP.1/SKC Cryptographic Operation – Encryption/Decryption X X X X [APP_PP] FCS_COP.1/Hash Cryptographic Operation - Hashing X X X X [APP_PP] FCS_COP.1/Sig Cryptographic Operation - Signing X X X X [APP_PP] FCS_COP.1/KeyedHash Cryptographic Operation - Keyed-Hash Message Authentication X X X X [APP_PP] FCS_RBG_EXT.1 (iOS) Random Bit Generation Services X N/A N/A N/A [APP_PP] FCS_RBG_EXT.1 (Android) Random Bit Generation Services N/A N/A X X [APP_PP] FCS_RBG_EXT.1 (iPadOS) Random Bit Generation Services N/A X N/A N/A [APP_PP] FCS_RBG_EXT.2 (Android) Random Bit Generation from Application N/A N/A N/A X [APP_PP] FCS_STO_EXT.1(1) Storage of Credentials X X X X [APP_PP] FCS_STO_EXT.1(2) Storage of Credentials (Revocation) X X X X [EC_EP] FCS_CKM_EXT.3 Protection of Key and Key Material X X N/A X [EC_EP] FCS_CKM_EXT.4 Cryptographic Key Destruction X X X X [EC_EP] FCS_CKM_EXT.5 Cryptographic Key Derivation (Password/Passphrase Conditioning) X X N/A X [EC_EP] FCS_COP_EXT.2 (iOS) Key Wrapping X N/A N/A N/A Security Target VMware Workspace ONE Boxer Email Client 49 | P a g e Table 16: Cryptographic Libraries [APP_PP] FCS_CKM_EXT.1 and FCS_CKM.1.1/AK The TOE uses assigned certificates that are generated through the UEM Server (operational environment) communicating with a certificate authority server. The assigned certificates are used for user S/MIME functionality. The TOE invokes the platform to support asymmetric key generation in support of TLS communications. The platform provided functionality supports both RSA schemes using cryptographic key sizes of 2048- bit or greater that meet FIPS PUB 186-4, “Digital Signature Standard (DSS)”, Appendix B.3 and ECC schemes using “NIST curves” P-256, P-384 that meet FIPS PUB 186-4, “Digital Signature Standard (DSS)”, Appendix B.4. [APP_PP] FCS_CKM.2 The TOE invokes the platform in support of two key establishment schemes for the establishment of TLS communications: • RSA key establishment conforming to “NIST SP 800-56B”, • Elliptic curve-based key establishment conforming to NIST Special Publication 800-56A. The TOE invokes the platform-provided functionality to perform Cryptographic Key Establishment for both Apple iOS 16 (VID11349), Apple iPadOS 16 (VID11350), and Android 13 (VID11342). [EC_EP] FCS_CKM_EXT.3 Keys are wrapped according to the chain process described in FCS_KYC_EXT.1 and each iteration of FCS_COP_EXT.2. See Section 8.1.15 FCS_STO_EXT.1(1): Table 17 and Table 18 for the description on secure storage (volatile and non-volatile), destruction, and usage of keys. [EC_EP] FCS_CKM_EXT.4 The TOE invokes and implements key destruction on all platforms. The method is dependent on the key and its storage location as to whether the TOE will implement or invoke this functionality. When a plaintext or private key stored in volatile or non-volatile memory is no longer needed, for example a TLS communication session closed, task completed, or the application being wiped, the TOE either implements or invokes the platform to perform the key destruction. Key destruction performed by [EC_EP] FCS_COP_EXT.2 (Android) Key Wrapping N/A N/A N/A X [EC_EP] FCS_COP_EXT.2 (iPadOS) Key Wrapping N/A X N/A N/A [EC_EP] FCS_IVG_EXT.1 Initialization Vector Generation X X N/A X [EC_EP] FCS_KYC_EXT.1 Key Chaining X X N/A X [EC_EP] FCS_SMIME_EXT.1 Secure/Multipurpose Internet Mail Extension (S/MIME) X X N/A X Security Target VMware Workspace ONE Boxer Email Client 50 | P a g e Boxer is done with a single overwrite consisting of zeroes before releasing the volatile memory and a single overwrite consisting of a static pattern of zeroes before releasing the non-volatile storage space that meet NIST SP800-88. Key destruction performed by the OS is done in accordance with: [Android] The specific cryptographic implementation for the Android platform can be found in the Samsung Electronics Co., Ltd. Samsung Galaxy Devices on Android 13 – Spring Security Target documentation (VID11342). [iOS] The specific cryptographic implementation for the iOS platform can be found in the Apple iOS 16 Security Target documentation (VID11349). [iPadOS] The specific cryptographic implementation for the iPadOS platform can be found in the Apple iPadOS 16 Security Target documentation (VID11350). See Section 8.1.15 FCS_STO_EXT.1(1): Table 17 and Table 18 describe the circumstances in which the key is no longer needed for volatile and nonvolatile memory. The tables also identify the mechanism (OS or Boxer) which is responsible for the destruction of the keys. [EC_EP] FCS_CKM_EXT.5 The TOE implements a password/passphrase for key chaining. The TOE supports a password of up to 512 characters. The supported character sets include: upper case, lower case, numeric, and only the following special characters “!”, “@”, “#”, “$”, “%”, “^”, “&”, “*”, “(“, and “)”. Passwords are not accepted if they are less than the required length configurable by the administrator or are greater than 512 characters. The TOE performs a password-based key derivation function in accordance with the HMAC-SHA-256 algorithm, defined in COP.1/KeyedHash. The key derivation function is performed with the password string without padding, a salt of 256 bits, 10K iterations (iOS), 10K iterations (iPadOS), and 20K iterations (Android), and with an output cryptographic key size of 256 bits that meets NIST SP 800-132. [APP_PP] FCS_COP.1/SKC The TOE supports AES encryption/decryption for FCS_SMIME_EXT.1.2. [Android] The TOE implements the cryptographic support the AES encryption/decryption for S/MIME using AES-256-CBC and AES-128-CBC. This cryptographic functionality is handled by the TOE’s OpenSSL implementation. The Boxer database is encrypted using the included SQLCipher API, which uses AES-256-CBC encryption/decryption services provided by the TOE’s OpenSSL implementation, in support of FCS_STO_EXT.1(1) and FCS_STO_EXT.1(2). Additionally, the TOE implements AES-256-CTR in support of AES_CTR DRBG services. The following is included for completeness in addressing FCS_STO_EXT.1(1) and FCS_STO_EXT.1(2) as it references FCS_COP.1/SKC. [iOS] The iOS platform provides the cryptographic support for the AES encryption/decryption for S/MIME using AES-256-CBC and AES-128-CBC. The Boxer database is encrypted using the included SQLCipher API, which uses AES-256-CBC encryption/decryption services provided by the iOS platform, to support FCS_STO_EXT.1(1) Security Target VMware Workspace ONE Boxer Email Client 51 | P a g e and FCS_STO_EXT.1(2). See FCS_COP.1/SKC in the Apple iOS 16 Security Target documentation (VID11349) for the AES-128-CBC and AES-256-CBC declaration. [iPadOS] The iOS platform provides the cryptographic support for the AES encryption/decryption for S/MIME using AES-256-CBC and AES-128-CBC. The Boxer database is encrypted using the included SQLCipher API, which uses AES-256-CBC encryption/decryption services provided by the iOS platform, to support FCS_STO_EXT.1(1) and FCS_STO_EXT.1(2). See FCS_COP.1/SKC in the Apple iPadOS 16 Security Target documentation (VID11350) for the AES-128-CBC and AES-256-CBC declaration. [APP_PP] FCS_COP.1/Hash The TOE supports the use of SHA-256, SHA-384, and SHA-512 for S/MIME functionality as defined in FCS_SMIME_EXT.1.3. [Android] This cryptographic functionality is handled by the TOE’s OpenSSL implementation. [iOS] This cryptographic functionality is handled by the iOS platform. [iPadOS] This cryptographic functionality is handled by the iPadOS platform. The following specifies the selected algorithms, key sizes, and message digest sizes respectively: • SHA-256, 256, 256 • SHA-384, 384, 384 • SHA-512, 512, 512 [APP_PP] FCS_COP.1/Sig The TOE uses sha256withRSAEncryption for the signatureAlgorithm (RSA scheme) for digital signature services in support of S/MIME functionality as defined in FCS_SMIME_EXT.1.4. RSA scheme with a key size of 2048 bits is supported. [Android] This cryptographic functionality is handled by the TOE’s OpenSSL implementation. [iOS] This cryptographic functionality is handled by the iOS platform. [iPadOS] This cryptographic functionality is handled by the iPadOS platform. [APP_PP] FCS_COP.1/KeyedHash The TOE performs a password-based key derivation function in accordance with the HMAC-SHA-256 algorithm with a 256 bit key size and 256 message digest size (defined by FCS_CKM_EXT.5.3). [Android] This cryptographic functionality is handled by the TOE’s OpenSSL implementation. [iOS] This cryptographic functionality is handled by the iOS platform. [iPadOS] This cryptographic functionality is handled by the iPadOS platform. Security Target VMware Workspace ONE Boxer Email Client 52 | P a g e [EC_EP] FCS_COP_EXT.2(iOS), [EC_EP] FCS_COP_EXT.2(Android), and [EC_EP] FCS_COP_EXT.2(iPadOS) [Android] The TOE implements functionality to perform Key Wrapping using AES Key Wrap with a cryptographic key size 256-bits that meets NIST SP 800-38F for Key Wrap (section 6.2). [iOS] The TOE uses the platform to perform the Key Wrapping using AES Key Wrap with a cryptographic key size 256-bits that meets NIST SP 800-38F for Key Wrap (section 6.2). [iPadOS] The TOE uses the platform to perform the Key Wrapping using AES Key Wrap with a cryptographic key size 256-bits that meets NIST SP 800-38F for Key Wrap (section 6.2). See Section 8.1.15 FCS_STO_EXT.1(1): Table 17 and Table 18 for the description on secure storage, destruction, and usage of keys. [EC_EP] FCS_IVG_EXT.1 The TOE creates IVs using the CBC encryption mode meaning that the IVs are non-repeating. [EC_EP] FCS_KYC_EXT.1 For both Android, iOS and iPadOS, the user enters a password according to the policy set forth by FCS_CKM_EXT.5. This key is processed as prescribed in each iteration of FCS_COP_EXT.2 and results in a 256-bit key (Password Key). The derived Password Key is only stored in volatile memory (RAM) and is always recreated when the user is required to enter the password to unlock the application, such as the first time executing the application after a reboot of the mobile device or restart of the app. Users using the iOS or iPadOS may also input biometrics utilizing the Touch ID feature. A Touch ID key is randomly generated using iOS-platform or iPadOS-platform provided functionality. The Key Chaining process is the same with the exception of using the Touch ID key instead of the Password Key. The term “SecurePref storage” means a VMware key grouping within the Boxer database. The term “SharedPref” means an Android key/value pair persistent storage mechanism (keystore). Android Key Chaining Process: When the application is not running (i.e., first time login from a reboot): • The user inputs password or biometric unlock or device pin • The Passphrase Key is derived (SHA1 hashed and encoded version of the password) • The encrypted Key Encryption Key (KEK1) is pulled from SharedPrefs storage • The encrypted Key Encryption Key is then decrypted using Passphrase Key Or when the session is running in background: • Session Key in memory and stored in SharedPrefs • The encrypted Key Encryption Key (KEK2) is pulled from SharedPrefs storage • The encrypted Key Encryption Key is then decrypted using Session Key • The encrypted Master key is pulled from SharedPrefs storage • The encrypted Master Key is then decrypted using Key Encryption Key • The encrypted Boxer Database Key is then pulled from SecurePref storage • The encrypted Boxer Database Key is then decrypted using the Master Key Security Target VMware Workspace ONE Boxer Email Client 53 | P a g e • Access to Boxer Database is now available iOS Key Chaining Process: • The user inputs password or biometric unlock or device pin • The Password Key/Touch ID Key is derived • The encrypted Master Key is pulled from iOS keychain • The Master Key is then decrypted using Password Key/Touch ID key • The encrypted Boxer App Key is pulled from iOS keychain • The encrypted Boxer App Key is decrypted using Master Key • The encrypted Boxer Master Key is then pulled form iOS keychain • The encrypted Boxer Master Key is decrypted using Boxer App Key • The encrypted Boxer Database key is pulled from iOS keychain • The encrypted Boxer Database Key is then decrypted using Boxer Master Key • Access to Boxer Database is now available iPadOS Key Chaining Process: • The user inputs password or biometric unlock or device pin • The Password Key/Touch ID Key is derived • The encrypted Master Key is pulled from iPadOS keychain • The Master Key is then decrypted using Password Key/Touch ID key • The encrypted Boxer App Key is pulled from iPadOS keychain • The encrypted Boxer App Key is decrypted using Master Key • The encrypted Boxer Master Key is then pulled form iPadOS keychain • The encrypted Boxer Master Key is decrypted using Boxer App Key • The encrypted Boxer Database key is pulled from iPadOS keychain • The encrypted Boxer Database Key is then decrypted using Boxer Master Key • Access to Boxer Database is now available See Section 8.1.15 FCS_STO_EXT.1(1): Table 17 and Table 18 for the description on secure storage, destruction, and usage of keys. [APP_PP] FCS_RBG_EXT.1(iOS), [APP_PP] FCS_RBG_EXT.1(Android), [APP_PP] FCS_RBG_EXT.1(iPadOS), and [APP_PP] FCS_RBG_EXT.2 [Android] When installed on an Android platform, the TOE implements its own DRBG functionality and invokes the platform’s DRBG services, depending upon the function. The TOE implements OpenSSL to provide NIST SP 800-90A compliant AES_CTR DRBG services (see Table 15 for certificate number) for the cryptographic functionality specified in the [EC_EP]. There is no ability to specify the use of an alternative DRBG. The TOE’s DRBG is seeded with a minimum of 256- bits entropy data that is collected from /dev/random or /dev/urandom depending on the function. The amount of entropy that is collected is based on the function that the DRBG is being used for. In all cases, this amount is greater than or equal to the security strength of the data that is being outputted. The entropy source is described in greater detail in the proprietary Entropy Assessment Report. The TOE invokes the platform’s BoringSSL cryptography to provide NIST SP 800-90A compliant AES_CTR DRBG functionality for trusted communications between the TOE and email Exchange server. Security Target VMware Workspace ONE Boxer Email Client 54 | P a g e The specific cryptographic implementation for the Android platform can be found in the Samsung Electronics Co., Ltd. Samsung Galaxy Devices on Android 13 – Spring Security Target documentation (VID11342). When the application invokes the platform to obtain random numbers, the platform APIs used are /dev/random and /dev/urandom APIs depending on function. The TOE also implements its own DRBG function using OpenSSL. The random numbers are obtained using /dev/random or /dev/urandom depending on the function when OpenSSL is being used. [iOS] When installed on an iOS platform, the TOE invokes the platform’s CoreCrypto module to provide NIST SP 800-90A compliant AES_CTR DRBG functionality for trusted communications between the TOE and email Exchange server. The CoreCrypto AES_CTR DRBG services also provide support for the cryptographic functionality specified in the [EC_EP]. The specific cryptographic implementation for the iOS platform can be found in the Apple iOS 16 – Security Target documentation (VID11349). The platform API used to obtain random numbers is SecRandomCopyBytes(). [iPadOS] When installed on an iPadOS platform, the TOE invokes the platform’s CoreCrypto module to provide NIST SP 800-90A compliant AES_CTR DRBG functionality for trusted communications between the TOE and email Exchange server. The CoreCrypto AES_CTR DRBG services also provide support for the cryptographic functionality specified in the [EC_EP]. The specific cryptographic implementation for the iPadOS platform can be found in the Apple iPadOS 16 – Security Target documentation (VID11350). The platform API used to obtain random numbers is SecRandomCopyBytes(). [EC_EP] FCS_SMIME_EXT.1 The TOE implements both a sending and receiving S/MIME v4.0 Agent as defined in RFC 8551, using CMS as defined in RFCs 5652, 5754, and 3565. The TOE uses AES-256-CBC (FCS_COP.1/SKC) as its default for transmitting the ContentEncryptionAlgorithmIdentifier. The administrator is able to configure the TOE to use AES-128-CBC as well. For the digestAlgorithm, the TOE implements id-sha256 by default. This is also configurable by the administrator to use id-sha384 and id-sha512 (FCS_COP.1/Hash). The TOE uses sha256withRSAEncryption for the signatureAlgorithm by default (FCS_COP.1/Sig). Only a certificate with the digitalSignature bit set will be accepted as part of the S/MIME protocol. The TOE supports the use of different private keys for signature and for encryption as part of the S/MIME protocol. Certificate revocation information is received from the OCSP responder at a frequency defined by the server. An UEM administrator may override this frequency by configuring a value via UEM. Certificates are pulled from the signed email when received in the application in order to validate the authenticity and integrity of the email. [APP_PP] FCS_STO_EXT.1(1) There are two groupings of keys/credentials: • Keys used to unlock Boxer for operational use: Keys that the OS platform (iOS, iPadOS, or Android) is invoked to store in the platform’s keystore/keychain. Security Target VMware Workspace ONE Boxer Email Client 55 | P a g e • Keys/Credentials Considered Configuration Data used by Boxer for operational functionality: Keys/credentials that are considered sensitive configuration data that the TOE stores in its internal encrypted Boxer database. o [Android] The Boxer database is encrypted, using the included SQLCipher API which uses the TOE’s OpenSSL implementation for AES-256-CBC encryption/decryption services on the Android platform, per FCS_COP.1/SKC of this ST (TOE implements). o [iOS] The Boxer database is encrypted, using the included SQLCipher API which invokes the iOS platform for AES-256-CBC encryption/decryption services provided by the iOS platform (TOE invokes). o [iPadOS] The Boxer database is encrypted, using the included SQLCipher API which invokes the iPadOS platform for AES-256-CBC encryption/decryption services provided by the iPadOS platform (TOE invokes). o Additionally, the Boxer database is protected by the iOS/iPadOS/Android platform file- based encryption as defined in FDP_DAR_EXT.1 providing a double encryption protection scheme for the Boxer database. The following table identifies the keys/credentials that are used by the TOE, how and where they are stored, how and when they are destroyed, and the purpose as scoped by [APP_PP] and [EC_EP]: • Any keys/credentials saved to the internal encrypted Boxer database maps to the “implement functionality” selection. • The term “SecurePref” means a VMware created key grouping within the Boxer database. • The term “SharedPref” means an Android key/value pair persistent storage mechanism (keystore). • The term “App Wipe” is a remote wipe accomplished from the UEM console and “App Uninstall” is when a user removes it manually from the OS App listing. Keys used Directly / Indirectly to unlock Boxer application (invoke) Volatile Non-volatile Keychain Description User entered Password/passcode Used in memory Cleared by OS: • Device Reboot Zeroed by OS: • Functionality complete Not persistently stored • User password entry Passphrase Key Used in memory Zeroed by Boxer: • Task completion Not persistently stored • This is a SHA1 hashed and encoded version of the key above (User entered Password/passcode) Session Key Used in memory Cleared by Boxer: • App Wipe Cleared by OS: Android: Stored in SharedPrefs and protected by the Android hardware- • Primary key to be used to get to Key Encryption Key while Security Target VMware Workspace ONE Boxer Email Client 56 | P a g e • Device Reboot backed crypto services API keystore. Cleared by OS: • App Uninstall the application is running Biometric Key (i.e., TouchID Key) Used in memory Not kept in Memory Zeroed by Boxer: Session establishment completed Android: Stored in SharedPrefs and protected by the Android hardware- backed crypto services API keystore Zeroed by Boxer: • App Wipe Passcode change • Used only to unwrap Master Key and start creating a session Device Pin Based Key Used in memory Not kept in Memory Zeroed by Boxer: Session establishment completed Android: Stored in SharedPrefs and protected by the Android hardware- backed crypto services API keystore Zeroed by Boxer: • App Wipe Passcode change • Used only to unwrap Master Key and start creating a session Key Encryption Key (KEK) Used in memory Kept in Memory wrapped with Session Key (KEK2) until: Cleared by Boxer: • App Wipe Wrapped using Passphrase Key and saved in SharedPrefs (KEK1) Wrapped using the Session Key and saved in SharedPrefs (KEK2) Cleared by OS: • App Uninstall • Randomly generated at installation • KEK used to encrypt Master Key • The Key Encryption Key #1 and #2 is derived by encrypting the randomly generated Key Encryption Key with the Passphrase Key and Session Key respectively • When the mobile device user enters the correct passcode, then KEK1 can be decrypted to reproduce the KEK for use in volatile memory • When an active session, the KEK2 can be decrypted to reproduce the KEK for us in volatile memory Security Target VMware Workspace ONE Boxer Email Client 57 | P a g e Master Key Used in memory Cleared by OS: • Device Reboot Wrapped using KEK and saved in SharedPrefs Cleared by OS: • App Uninstall • Randomly generated at installation • Used to encrypt the Boxer database Key Keys/credentials exclusively for operational Boxer (implement) Volatile Non-volatile Keychain Description Boxer Database Key Used in memory Cleared by Boxer: • App Wipe Cleared by OS: Device Reboot Wrapped using Master Key and saved in SecurePref Cleared by OS: • App Uninstall AES wrapped with Master Key and stored in Android Shared preferences. • Randomly generated at installation Used to encrypt/decrypt Boxer Database providing access to mail data Authentication Credential Password Used in memory Cleared by Boxer: • App Wipe Cleared by OS: • Device Reboot Persistently stored in encrypted Boxer database Cleared by OS: App Uninstall • Used to authenticate boxer client with Exchange server Authentication credential Communication Certificate Used in memory Cleared by Boxer: • App Wipe Cleared by OS: • Device Reboot Certificate is AES wrapped and stored in Boxer database Cleared by OS: • App Uninstall • Overwritten when a new certificate is generated • Used for communication with Exchange server S/MIME certificates containing public + private keys (1 for Encryption 1 for signing or the same certificate for both signing and encryption) Used in memory Cleared by Boxer: • App Wipe Cleared by OS: • Device Reboot • Encrypting/decry pting S/MIME email is completely done in memory Certificate is stored in the SecurePref. Cleared by OS: • App Uninstall A copy is also stored in the encrypted Boxer database Cleared by OS: App Uninstall • Used for S/MIME Sensitive Data exclusively for operational Boxer (FDP_DAR_EXT.1) Volatile Non-volatile (db) Description Security Target VMware Workspace ONE Boxer Email Client 58 | P a g e Public Key of email recipient Used in memory Cleared by OS: • App Uninstall Certificates are stored in the encrypted Boxer database Cleared by OS: • App Uninstall Public Certificate and its Certificate chain are temporarily stored on the file system for the duration of the encryption/signature verification • Used for S/MIME Attachment Encryption Key Used in memory Available only when accessing the attachment Zeroed by Boxer: • Task Completion (Decryption of attachment completed) Encrypted version Stored in encrypted Boxer database Cleared by OS: • App Uninstall • Used to encrypt attachments stored in the internal file system Temporary Files Encryption Key Used in memory Available only when accessing the temporary file Zeroed by Boxer: • Task Completion (Temporary file no longer in use) In case of “draft e-mails (before being sent out)”: Not stored persistently In case of “incoming S/MIME messages content”: Key is key- wrapped using Boxer database key and then encrypted using a static passcode and stored in Shared Preferences. Cleared by OS: • App Uninstall • Used to store temporary content Example: Emails before being sent out utilize these files to temporarily store the content and are deleted once the message is sent. Table 17: Stored Android Credentials Keys used Directly / Indirectly to unlock Boxer application (invoke) Volatile Non-volatile Keychain Description Session Key Used in memory Zeroed by Boxer: • App Wipe Zeroed by OS: • App Close Encrypted with App's public key (that was subscribed to share session) and saved in iOS/iPadOS Keychain Corresponding private key is kept in the running memory of the app • Primary key to be used to get to Master Key while the application is running • Used to maintain app specific or shared session across SSO Apps Security Target VMware Workspace ONE Boxer Email Client 59 | P a g e Zeroed by Boxer: • App Wipe Biometric Key (i.e., TouchID Key) Used in memory Not kept in Memory Zeroed by Boxer: • Session establishment completed Wrapped by system and stored in Secure Enclave by system for type SecClass Key Zeroed by Boxer: • App Wipe • Passcode change • Used only to unwrap Master Key and start creating a session Password Based Key Used in memory Not kept in Memory Zeroed by Boxer: • Task Completion (Session establishment completed) Not persistently stored • Used only to unwrap Master Key and start creating a session • Uses KDF with 10000 iterations to convert user input into Password Based Key Master Key Used in memory Kept in Memory wrapped with Session Key (MK3) Zeroed by Boxer: • App Wipe Zeroed by OS: • App Close 1. Wrapped with Password Based Key and saved in iOS/iPadOS keychain (MK1) 2. 3. Wrapped using Touch ID Key and saved in iOS/iPadOS keychain (MK2) 4. Wrapped using Session Key and saved in iOS/iPadOS keychain (MK3) Zeroed by OS: • App Uninstall • The Master Key #1, #2, #3 is derived by encrypting the randomly generated Master Key with the Password Key, Biometric Key, and Session key respectively • When the mobile device user enters the correct passcode, then MK1 can be decrypted to re-produce the Master Key for use in volatile memory • When the mobile device user enters the correct TouchID, the MK2 can be decrypted to re-produce the Master Key for use in volatile memory • When an active session, the MK3 can be decrypted to reproduce the Master Key for use in volatile memory Boxer App Key Used in memory Wrapped with Master key and stored in iOS/iPadOS Keychain • The Boxer App Key is randomly generated Security Target VMware Workspace ONE Boxer Email Client 60 | P a g e Obfuscated with Master Key which is also kept in memory Zeroed by Boxer: • App Wipe Zeroed by OS: • App Close Destroyed by Boxer: • App Wipe • The Boxer App Key is encrypted with the Master Key for storage • Used for encrypting/decrypting Boxer Database Keys/credentials exclusively for operational Boxer (invoke) Volatile Non-volatile Keychain Description Boxer Master Key Used in memory throughout the lifetime of the app Zeroed by OS: • App Close Stored encrypted in the iOS/iPadOS Keychain Encrypted using the Boxer Application Key Zeroed by OS: • App Uninstall • Randomly generated at installation • Used for encrypting all other keys inside the boxer app Boxer Database Key Used in-memory Zeroed by Boxer: • Task Completion (Opening Boxer database) Stored encrypted in the iOS/iPadOS Keychain Encrypted with the Boxer Master Key Zeroed by OS: • App Uninstall • Randomly generated at installation • Used for locking / unlocking the Boxer database Sensitive Data exclusively for operational Boxer (FDP_DAR_EXT.1) Volatile Non-volatile (db) Description File Encryption Keys Used in-memory Zeroed by Boxer: • Task Completion (File Read or Write) Stored encrypted in the Boxer database Encrypted with the Boxer Master Key Zeroed by OS: • App Uninstall • Used for encrypting / decrypting files on filessystem S/MIME Private Keys Used in-memory Loaded on demand Zeroed by OS: • App Close Stored encrypted in the Boxer database Encrypted with the Boxer Master Key Zeroed by OS: • App Uninstall • Used for encrypting / decrypting S/MIME email messages Exchange CBA Certificate Used in memory throughout the lifetime of the app Stored encrypted in the Boxer database Zeroed by Boxer: • Used for Client-Server authentication with Exchange Security Target VMware Workspace ONE Boxer Email Client 61 | P a g e Zeroed by OS: • App Close • App Wipe Zeroed by OS: • App Uninstall Exchange Basic Authentication Password Used in memory throughout the lifetime of the app Zeroed by OS: • App Close Stored encrypted in the Boxer database Zeroed by Boxer: • App Wipe Zeroed by OS: • App Uninstall • Used for Client-Server authentication with Exchange Table 18: Stored iOS/iPadOS Credentials [APP_PP] FCS_STO_EXT.1(2) The Boxer application stores S/MIME revocation status information in the Boxer database. The following information is stored: • Certificate Identifier • Certificate Revocation Status • Validation Failure Reason • Next Revocation Check Date • Last Revocation Checked Date The information is overwritten when information is refreshed. The revocation status information is deleted upon the Boxer application removal. [Android] These objects are stored in the encrypted Boxer database. The Boxer database is encrypted, using the included SQLCipher API which uses AES-256-CBC encryption/decryption services provided by the TOE’s OpenSSL implementation on the Android platform, per FCS_COP.1/SKC of this ST (TOE implements). [iOS] These objects are stored in the encrypted Boxer database. The TOE invokes the iOS platform to encrypt the Boxer database, using the included SQLCipher API which uses AES-256-CBC encryption/decryption services provided by the iOS platform (TOE invokes). [iPadOS] These objects are stored in the encrypted Boxer database. The TOE invokes the iPadOS platform to encrypt the Boxer database, using the included SQLCipher API which uses AES-256-CBC encryption/decryption services provided by the iPadOS platform (TOE invokes). 8.2 User Data Protection [APP_PP] FDP_DAR_EXT.1 The TOE relies on the underlying platforms (iOS, iPadOS, and Android) to provide data-at-rest encryption for all saved data files including the already encrypted Boxer database. [Android] The Android platform automatically enforces file-based encryption (FBE) using AES-256-XTS encryption. The TOE’s file creation scheme requires sensitive data files to be saved with the MODE_PRIVATE flag set. All instances where files containing sensitive data are stored call the getSharedPreferences(String name, int mode) method (which is an overridden method defined in the Boxer application source code) with the “MODE_PRIVATE” flag as the second parameter. Sensitive data Security Target VMware Workspace ONE Boxer Email Client 62 | P a g e includes: calendar, address book (i.e., contacts), system accounts, and profiles which are stored in the internal Boxer database that is fully encrypted in addition to the file encryption (double encryption). [iOS] The iOS platforms automatically enforces file-based encryption (FBE) through Apple’s Data Protection which uses AES-128-XTS or AES-256-XTS, dependent on the family devices, for encryption. The TOE’s file creation scheme requires sensitive data files to use Data Protection’s Protected Until First User Authentication Data Protection Class for each data file stored locally. Sensitive data includes: calendar, address book, system accounts, and profiles which are stored in an internal Boxer database that is fully encrypted in addition to the file-based encryption (double encryption). All instances where sensitive data files are stored rely on the NSFileProtectionCompleteUntilFirstUserAuthentication declaration in "VMwareBoxer.entitlements", which is contained in the TOE .ipa file and is enforced in code. [iPadOS] The iPadOS platforms automatically enforces file-based encryption (FBE) through Apple’s Data Protection which uses AES-128-XTS or AES-256-XTS, dependent on the family devices, for encryption. The TOE’s file creation scheme requires sensitive data files to use Data Protection’s Protected Until First User Authentication Data Protection Class for each data file stored locally. Sensitive data includes: calendar, address book, system accounts, and profiles which are stored in an internal Boxer database that is fully encrypted in addition to the file-based encryption (double encryption). All instances where sensitive data files are stored rely on the NSFileProtectionCompleteUntilFirstUserAuthentication declaration in "VMwareBoxer.entitlements", which is contained in the TOE .ipa file and is enforced in code. [APP_PP] FDP_DEC_EXT.1(iOS), [APP_PP] FDP_DEC_EXT.1(Android), and [APP_PP] FDP_DEC_EXT.1(iPadOS), The TOE restricts its access and provides user awareness for the intent to access the following hardware resources: [Android] The hardware access is defined as part of the manifest that can be accessed from the Play Store. It will also be displayed on-access. • network connectivity • camera • NFC • device storage • phone • fingerprint • vibrator Access to the following sensitive information repositories are also defined in the manifest and will be displayed on-access. • address book (i.e., contacts) • calendar • accounts • profile Security Target VMware Workspace ONE Boxer Email Client 63 | P a g e [iOS] The iOS displays the warnings when access is required. • network connectivity • camera • device storage • phone • touch/face ID The product also displays warnings before accessing the following sensitive information: • address book (i.e., contacts) • calendar [iPadOS] The iPadOS displays the warnings when access is required. • network connectivity • camera • device storage • phone • touch/face ID The product also displays warnings before accessing the following sensitive information: • address book (i.e., contacts) • calendar [APP_PP] FDP_NET_EXT.1 The TOE does not invoke or implement any listening ports. The TOE requires network access to facilitate remote administration (via UEM) as well as communicating with the Exchange server. The TOE supports the following user-initiated communications connections: • Exchange server for sending email, forcing a sync (calendar, address book, and emails), GAL lookup, and email search. The TOE application invokes the platform to initiate the following SFR-supporting operational environment connections: • Exchange server (ActiveSync: (calendar, address book, email)) • OCSP responder for S/MIME revocation checking • Automatic Version Information Check Server(s) o [Android]: Amazon Server o [iOS]: Akamai Server o [iPadOS]: Akamai Server Note: This is not the same as the OS querying the respective app stores for available updates. The TOE invokes the OS to automatically query the above servers for the latest VMware published version information to notify the end user when a new version is available from within the application. Security Target VMware Workspace ONE Boxer Email Client 64 | P a g e Additionally, the TOE application invokes the platform to initiate the following non-SFR supporting operational environment connections to: • [Android, iOS, and iPadOS] Apteligent service for reporting app crashes and exceptions hosted in Amazon. • [iOS and iPadOS] Cloudfront VMware service to get images to display for certain icons hosted in Amazon. • [iOS and iPadOS] Automattic, Inc - Gravatar services to fetch profile image for a sender of an e- mail using sender's e-mail address. • [iOS and iPadOS] AirWatch LLC OCSP responder for discovering an existing configuration for a given email address. [EC_EP] FDP_NOT_EXT.1 When the email content is viewed, the TOE shows a notification icon between the header and the body of the email. A seal symbol indicates the email has been signed. A lock symbol indicates the email has been encrypted. Both symbols are displayed when the email has been signed and encrypted. The notification icon uses color coding to help the user quickly identify if there are any issues with the validity of the signer or email. The icon is: black to indicate the certificate is verified and trusted; orange to indicate the email is from an untrusted signer; red to indicate the email has been tampered with. If the email is from an untrusted signer, then the user is provided with option to manually accept the certificate. When displaying the list of emails, a seal symbol is used to notify the user that the email is signed and a lock symbol is used to notify the user that the email is encrypted. Both symbols are displayed if the mail is signed and encrypted. Signature validity is not displayed until the message is opened. [EC_EP] FDP_SMIME_EXT.1 The TOE uses S/MIME for signing, encrypting, verifying, and decrypting email. S/MIME is implemented as specified in FCS_SMIME_EXT.1. The signature verification and decryption occur at the receipt of the message. The messages are not stored with their S/MIME envelopes. 8.3 Identification and Authentication [APP_PP] FIA_X509_EXT.1 The TOE platform, regardless of OS, performs certificate validation for certificates used for TLS communications. The following is checked in order to determine if a given certificate is valid: • Certificate validation and certificate path validation conforms to RFC 5280. • The certificate path must terminate with a trusted CA certificate. • All CA certificates must have the basicConstraints extension present and the CA flag set to TRUE. • The TOE uses the Online Certificate Status Protocol (OCSP) as specified in RFC 6960 to verify revocation status. The certificate must not be revoked. • The extendedKeyUsage field must be valid based on the following rules: o Certificates used for trusted updates and executable code integrity verification must have the Code Signing purpose (id-kp 3 with OID 1.3.6.1.5.5.7.3.3) in the extendedKeyUsage Security Target VMware Workspace ONE Boxer Email Client 65 | P a g e field. o Server certificates presented for TLS must have the Server Authentication purpose (id-kp with OID 1.3.6.1.5.5.7.3.1) in the extendedKeyUsage field. o Client certificates presented for TLS must have the Client Authentication purpose (id-kp 2 with OID 1.3.6.1.5.5.7.3.2) in the extendedKeyUsage field. o S/MIME certificates presented for email encryption and signature must have the Email Protection purpose (id-kp 4 with OID 1.3.6.1.5.5.7.3.4) in the extendedKeyUsage field. o OCSP certificates presented for OCSP responses must have the OCSP signing purpose (id-kp 9 with OID 1.3.6.1.5.5.7.3.9) in the extendedKeyUsage field. o Server certificates presented for EST must have the CMC Registration Authority (RA) purpose (id-kp-cmcRA with OID 1.3.6.1.5.5.7.3.28) in the extendedKeyUsage field. The certificate validation service will ensure that all certificate paths terminate with a trusted root CA certificate and that all CA certificates include the basicConstraints extension with the CA flag set to TRUE. Certificate status is validated using OCSP. The certificate validation service will also ensure that the extendedKeyUsage field is properly set for all certificates depending on their intended usage. [APP_PP] FIA_X509_EXT.2 The TOE uses X.509v3 certificates to support the establishment of TLS connections to the Exchange server. The use of certificates is enabled by default. The administrator may also specify the path to an OCSP responder so that revocation status can be checked during authentication. The trusted CA certificates to be used by the TOE are specified through the UEM console. The TLS implementation will automatically reject a certificate if it is found to be invalid. The UEM administrator is able to specify the default action when the application/platform cannot reach the OCSP responder, so that the TOE will either: • Strict setting: Reject the certificate. • Moderate setting: Accept the certificate if the last revocation status is valid. Reject the certificate if the last known revocation status is unknown or was revoked. [EC_EP] FIA_X509_EXT.3 X.509v3 certificates as defined by RFC 5280, are used for S/MIME functionality and are transmitted from the UEM server to the Boxer application upon initial launch of the application and subsequent launches if new certificates are available. When the underlying application/platform cannot reach the OCSP responder, the UEM administrator is able to specify the default action so that the TOE will either: • Reject the certificate or • Accept the certificate if the last revocation status is valid. Reject the certificate if the last known revocation status is unknown or was revoked. The email client will prevent the encryption and/or signing of an email if the email protection certificate is deemed invalid. Security Target VMware Workspace ONE Boxer Email Client 66 | P a g e 8.4 Security Management [APP_PP] FMT_CFG_EXT.1 There are no default credentials for the TOE. All credentials would be pre-existing on the Exchange server or UEM server, which are separate entities to the TOE. The TOE software is installed by default with the appropriate permissions to prevent unauthorized access. [APP_PP] FMT_MEC_EXT.1 The iOS, iPadOS and Android platforms are responsible for file encryption to protect all applications and their data from unauthorized access. The user of the mobile device must enter a passcode to derive the key which is used to unlock the file. Secondly, when enrolling the TOE, it must be enrolled against a server that has a valid pre-existing credentials for the user of the mobile device. Thirdly, the user must enter a passphrase to gain access to the Boxer application and its data. This passphrase is used to derive the Boxer database key that is required to decrypt the Boxer database contents for use when needed. The keys and passcodes are stored as described in FCS_STO_EXT.1(1). [Android] The only user configurable sensitive TSF datum is the application password as defined in FMT_MOF_EXT.1, is stored in the SharedPreferences XML file (https://developer.android.com/reference/android/content/SharedPreferences) as a hashed string. [iOS] The user configurable sensitive TSF datum is the application password as defined in FMT_MOF_EXT.1, is stored in the iOS keychain. [iPadOS] The user configurable sensitive TSF datum is the application password as defined in FMT_MOF_EXT.1, is stored in the iPadOS keychain. [EC_EP] FMT_MOF_EXT.1 The administrator in this evaluation is considered to be the UEM administrator. The UEM administrator is responsible for setting the configuration of the TOE applications using the UEM console that resides in the operational environment. The UEM administrator can configure the password length, cryptographic functionality such as specifying what key sizes are used for the cryptographic algorithms in FCS_SMIME_EXT.1, OCSP retrieval frequency, S/MIME cryptographic assignments, and enabling/disabling the plaintext only mode globally. The mobile device user is not capable of changing these settings from the mobile device. The user is the subject that performs management functions on the TOE itself. The TOE allows the user the ability to change one’s own password/passphrase. See Supplemental Administrative Guidance for Common Criteria document on how the user defined password authorization factor can be changed. [APP_PP] FMT_SMF.1 At the TOE application, the User is considered the owner or user of the mobile device for which the TOE is installed. The TOE software provides one function that is considered administrative functionality to the end user according to the [EC_EP] FMT_MOF_EXT.1: change password/passphrase authentication credential. The User of the Android, iOS, and iPadOS platforms may change their password/passphrase authentication credentials. For the Android, iOS, and iPadOS platforms an UEM administrator can force a password change by making the password complexity stricter (i.e., increase password length). The user Security Target VMware Workspace ONE Boxer Email Client 67 | P a g e would be forced to change their password after having successfully authenticated with their old now non- compliant password. 8.5 Privacy [APP_PP] FPR_ANO_EXT.1 The TOE application does not collect personally identifiable information (PII) for administrators or users. Therefore, the TOE application will not transmit PII data over the network unless the user of the mobile device includes such information in the free text email. Free text in an email is outside the TOE’s scope of control. 8.6 Protection of the TSF [APP_PP] FPT_AEX_EXT.1 The TOE implements several mechanisms to protect against exploitation. [Android] The TOE is compiled using the -fPIE and -pie compilation flags to ensure it is a Position Independent Executable (ASLR). Memory map (mmap) is never invoked with both the PROT_WRITE and PROT_EXEC permissions. Additionally, mprotect is never invoked. User modifiable files are written to /data/data/com.boxer.email and there are also no executable files. [iOS] The TOE is compiled using the LD_NO_PIE=NO compilation flag to ensure it is a Position Independent Executable (ASLR). All uses of mmap have the explicit memory address location parameter set to NULL (or 0) with the exception of when mmap is called to reallocate memory to expand the Boxer database file map. Additionally, mprotect is never invoked with the PROT_EXEC permission. The platform forces applications to write all data within the application working directory (sandbox). [iPadOS] The TOE is compiled using the LD_NO_PIE=NO compilation flag to ensure it is a Position Independent Executable (ASLR). All uses of mmap have the explicit memory address location parameter set to NULL (or 0) with the exception of when mmap is called to reallocate memory to expand the Boxer database file map. Additionally, mprotect is never invoked with the PROT_EXEC permission. The platform forces applications to write all data within the application working directory (sandbox). Additionally, the TOE was compiled using the -fstack-protector-all compilation flag for all platforms. [EC_EP] FPT_AON_EXT.1 The TOE does not support the installation of trusted or untrusted add-ons. [APP_PP] FPT_API_EXT.1 When installed on a mobile device with the Android OS, the TOE uses only the following supported platform APIs in order to function. • androidx.annotation:annotation • androidx.appcompat:appcompat • androidx.arch.core:core-runtime • androidx.arch.core:core-testing • androidx.biometric:biometric • androidx.browser:browser • androidx.cardview:cardview • androidx.constraintlayout:constraintlayout Security Target VMware Workspace ONE Boxer Email Client 68 | P a g e • androidx.core:core • androidx.core:core-ktx • androidx.fragment:fragment • androidx.gridlayout:gridlayout • androidx.legacy:legacy-preference-v14 • androidx.legacy:legacy-support-v13 • androidx.legacy:legacy-support-v4 • androidx.lifecycle:lifecycle-common-java8 • androidx.lifecycle:lifecycle-extensions • androidx.lifecycle:lifecycle-livedata • androidx.lifecycle:lifecycle-runtime • androidx.lifecycle:lifecycle-service • androidx.lifecycle:lifecycle-viewmodel-ktx • androidx.multidex:multidex • androidx.palette:palette • androidx.preference:preference • androidx.recyclerview:recyclerview • androidx.room:room-common • androidx.room:room-compiler • androidx.room:room-ktx • androidx.room:room-runtime • androidx.security:security-crypto • androidx.sqlite:sqlite • androidx.sqlite:sqlite-framework • androidx.test.espresso:espresso- accessibility • androidx.test.espresso:espresso-contrib • androidx.test.espresso:espresso-core • androidx.test.espresso:espresso-intents • androidx.test.espresso:espresso-web • androidx.test.ext:junit • androidx.test.uiautomator:uiautomator • androidx.test:core • androidx.test:orchestrator • androidx.test:runner • androidx.work:work-runtime • androidx.work:work-runtime-ktx • androidx.work:work-testing • com.google.android.gms:play-services-base • com.google.android.gms:play-services- basement • com.google.android.gms:play-services- safetynet • com.google.android.gms:play-services- tasks • com.google.android.material:material • com.google.code.findbugs:jsr305 • com.google.code.gson:gson • com.google.crypto.tink:tink-android • com.google.dagger:dagger • com.google.dagger:dagger-android • com.google.dagger:dagger-android- processor • com.google.dagger:dagger-android-support • com.google.dagger:dagger-compiler • com.google.firebase:firebase-messaging • com.google.guava:guava • com.google.guava:listenablefuture • com.google.zxing:core • com.auth0.android:jwtdecode • com.crittercism:crittercism-android-agent • com.darwinsys:hirondelle-date4j • com.github.akarnokd:rxjava2-extensions • com.googlecode.libphonenumber:geocoder • com.jakewharton:butterknife • com.mixpanel.android:mixpanel-android • com.nhaarman.mockitokotlin2:mockito- kotlin • com.squareup.leakcanary:leakcanary- android • com.squareup.moshi:moshi • com.squareup.moshi:moshi-adapters • com.squareup.okhttp3:okhttp • com.squareup.okio:okio • com.sun.mail:android-activation • com.sun.mail:android-mail • com.uservoice:uservoice-android-sdk • commons-io:commons-io • cz.msebera.android:httpclient • io.reactivex.rxjava2:rxandroid • io.reactivex.rxjava2:rxjava • junit:junit • me.grantland:autofittextview • net.openid:appauth • net.sf.biweekly:biweekly • net.zetetic:android-database-sqlcipher • org.apache.commons:commons-lang3 • org.apache.httpcomponents:httpclient- android • org.greenrobot:eventbus • org.greenrobot:greendao • org.greenrobot:greendao-api • org.hamcrest:hamcrest • org.jetbrains.kotlin:kotlin-android- extensions-runtime • org.jetbrains.kotlin:kotlin-reflect Security Target VMware Workspace ONE Boxer Email Client 69 | P a g e • org.jetbrains.kotlin:kotlin-stdlib • org.jetbrains.kotlin:kotlin-stdlib-common • org.jetbrains.kotlin:kotlin-stdlib-jdk7 • org.jetbrains.kotlin:kotlin-stdlib-jdk8 • org.jetbrains.kotlinx:kotlinx-coroutines- android • org.jetbrains.kotlinx:kotlinx-coroutines- core • org.jetbrains.kotlinx:kotlinx-coroutines-test • org.jetbrains.kotlinx:kotlinx-serialization- runtime • org.jsoup:jsoup • org.koin:koin-android • org.koin:koin-core • org.mockito:mockito-android • org.mockito:mockito-core • org.robolectric:robolectric • org.robolectric:shadows-httpclient • org.robolectric:shadows-multidex • org.simpleframework:simple-xml When installed on a mobile device with the iOS and iPadOS, the TOE uses only the following supported platform APIs in order to function. • Accelerate.framework • Accounts.framework • AddressBook.framework • AdSupport.framework • AssetsLibrary.framework • AudioToolbox.framework • AVFoundation.framework • CallKit.framework • CFNetwork.framework • Contacts.framework • CoreData.framework • CoreFoundation.framework • CoreGraphics.framework • CoreLocation.framework • CoreMedia.framework • CoreMotion.framework • CoreTelephony.framework • CoreText.framework • CoreVideo.framework • EventKit.framework • Foundation.framework • ImageIO.framework • libc++ • libiconv • libresolv • libsqlite3 • libxml2.2 • libxml2 • libz.tbd • LocalAuthentication.framework • MapKit.framework • MediaPlayer.framework • MessageUI.framework • MobileCoreServices.framework • Photos.framework • QuartzCore.framework • QuickLook.framework • SafariServices.framework • Security.framework • Social.framework • SystemConfiguration.framework • UIKit.framework • UserNotifications.framework • WebKit.framework [APP_PP] FPT_IDV_EXT.1(iOS), [APP_PP] FPT_IDV_EXT.1(Android), and [APP_PP] FPT_IDV_EXT.1(iPadOS) [Android] The TOE version format is “YY.MM.PP.BB”. The vendor operates on a monthly release cycle to incorporate updates and fixes. The first number is based on the last two digits of the year of the release date. The second number is the 2-digit numerical representation of the month of the release date, the third number is based on the patch release under the monthly release number, and the fourth number is based on the internal build number that has been released to the Google Play store. Security Target VMware Workspace ONE Boxer Email Client 70 | P a g e [iOS] The TOE version format is “YY.MM.PP”. The vendor operates on a monthly release cycle to incorporate updates and fixes. The first number is based on the last two digits of the year of the release date. The second number is the 2-digit numerical representation of the month of the release date, and the third number is based on the patch release under the monthly release number. [iPadOS] The TOE version format is “YY.MM.PP”. The vendor operates on a monthly release cycle to incorporate updates and fixes. The first number is based on the last two digits of the year of the release date. The second number is the 2-digit numerical representation of the month of the release date, and the third number is based on the patch release under the monthly release number. [APP_PP] FPT_LIB_EXT.1 The TOE is packaged with several third-party open source libraries in order to function. When installed on a mobile device with the Android OS, the TOE uses only the following third-party dynamic libraries in order to function. • libc++_shared.so • libchameleon.so • libchameleon_jni.so • libcoredevice.so • libcrypto.1.0.2.so • libdyncdd.so • libencjni.so • libfips_main.so • libmip_core.so • libmip_protection_sdk.so • libmip_upe_sdk.so • libmip_wrapper.so • libmod_settings.so • libopdatashim.so • libpolarisoffice8.so • libscep.so • libsettings.so • libsettings_jni.so • libsqlcipher.so • libssl.1.0.2.so • libsupercollider.so • libxsw_crypto.so • libtunnel_sdk.so • libuidverify.so When installed on a mobile device with iOS or iPadOS, the TOE uses only the following third-party libraries in order to function. • AEXML.framework • AirWatchEWS.framework • AppAuth.framework • AppSupportKit.framework • AWCMWrapper.framework • AWCrypto.framework • AWEncryptedStoreKit.framework • AWError.framework • AWHelpers.framework • AWLocalization.framework • AWLog.framework • AWPresentation.framework • AWPrivacy.framework • AWSDK.framework • AWServices.framework • AWStorage.framework • AWTrustServices.framework • AWTunnel.framework • CocoaLumberjack.framework • CompoundFileReader.framework • ContentServices.framework • ContentUIServices.framework • DerivedCredentialsUsage.framework • Duktape.framework Security Target VMware Workspace ONE Boxer Email Client 71 | P a g e • EncryptedCoreData.framework • FMDB.framework • GRDB.framework • GRMustache.framework • GTMAppAuth.framework • GTMSessionFetcher.framework • HTTPStatusCodes.framework • iOSTunnelSDK.framework • JRSwizzle.framework • JWTDecode.framework • libical.framework • LogAggregator.framework • Lottie.framework • MSGraphClientModels.framework • NotificationObserverHelper.framework • OpenSSL.framework • SCEP.framework • Shimmer.framework • SQLCipher.framework • SQLite.framework • SwiftCBOR.framework • uservoice_iphone_sdk.framework • Variant.framework • VISidebarController.framework • VisionUX.framework • WS1CredentialTokenService.framework • WS1CryptorService.framework • WS1FileShare.framework • WS1MIP.framework • WS1ServiceRegistry.framework • WS1ServiceRegistryProtocol.framework • WSODeviceUtils.framework • XLActionController.framework • XSWChameleon.framework • XSWChameleonModuleSettings.framework • XSWCrypto.framework • XSWLogging.framework • XSWSettings.framework • XSWSettingsAttributesProvider.framework • XSWSettingsHttpProvider.framework • XSWSettingsKeychainProvider.framework • XSWSettingsOperationalDataProvider.framework • XSWSettingsSuperColliderProvider.framework [APP_PP] FPT_TUD_EXT.1 and FPT_TUD_EXT.2 The TOE provides a user with the ability to check the version of the TOE that is currently running on the machine. [Android] Within the application, the TOE will display the version by navigating: Settings → About. The Android OS also provides the versioning information by using the App manager. [iOS] Within the application, the TOE will display the version by navigating: Settings → About. The iOS also provides the versioning information by using the App manager. [iPadOS] Within the application, the TOE will display the version by navigating: Settings → About. The iPadOS also provides the versioning information by using the App manager. The TOE automatically checks to see if an update is available without user intiation. If there is an update available, the user is notified that the product has an update available and directs the user to go to the appropriate app store to download. Additionally, the user can leverage the platform features to independently check for updates by navigating to the Google Play Store (Android) or the Apple App Store (iOS and iPadOS). The TOE does not automatically update its own binaries or executable files. The binary code is only modified or replaced if the user manually initiates the update via the platform provided update mechanism. Security Target VMware Workspace ONE Boxer Email Client 72 | P a g e The application for Android is packaged in .apk format and for iOS and iPadOS it is packaged in .ipa format. The TOE and updates to the TOE are provided by the Google Play Store (Android) or Apple App Store (iOS and iPadOS) over HTTPS/TLS. Once the update has been completed by the developer, it is then digitally signed by the developer and sent to the Google Play Store/Apple App Store. The TOE software is digitally signed using a Verisign X.509v3 certificate. The Google Play Store/Apple App Store will then verify the signature and will sign the update with its own signature. When the update gets sent to the mobile device, the mobile device will verify the signature from the Google Play Store/Apple App Store. Secure communication between the mobile device and its app store is handled by the underlying platform. This secure channel is considered part of the operating environment and is out of the scope of the evaluation. The TOE relies on the platform OS to uninstall the application and remove all remnants of the software from the device. When the TOE application is uninstalled, the entire package is removed. There are no exceptions or customizations for the uninstall function to leave any traces of files or settings. 8.6.6.1 Timely Security Updates As part of providing timely security updates, VMware provides customers with a support section on VMware.com where they have the ability to submit support issues. This is an HTTPS site that requires user authentication prior to use. Any feedback that necessitates a fix will result in an update to Boxer itself so there is no third-party update process to consider when updating the TOE. High severity issues can result in a patch release as soon as remediation is available. Lower severity issues will be incorporated into the next monthly release. Security fixes will be released as new packages in the same manner as any feature updates (see discussion on FPT_TUD_EXT.1 above). The TOE contains a number of components, including third-party components that VMware does not have control over the implementation of. Any implementation flaws are expected to be addressed within 90 days of reporting. Customers are notified of security-related fixes on the VMware customer portal. 8.7 Trusted Path/Channels [APP_PP] FTP_DIT_EXT.1(iOS), [APP_PP] FTP_DIT_EXT.1(Android), and [APP_PP] FTP_DIT_EXT.1(iPadOS) The TOE invokes its host platform to communicate with an Exchange Server platform for its primary function as an email client, using the following methods: [Android] The TOE invokes its host platform to establish a TLSv1.2 channel with the Exchange Server platform to secure all transmitted data via javax.net.ssl.SSLSocketFactory. Once the TLS connection is established between the platforms, the TOE invokes its host platform to use ActiveSync for exchanging email with the Exchange Server via the ApacheHttpClient library which internally uses java.net.HttpURLConnection. In this instance, the TOE platform acts as the TLS client to initiate the secure communications to the Exchange server to send and receive emails. [iOS] The TOE invokes its host platform to establish a TLSv1.2 channel with the Exchange Server platform to secure all transmitted data via the NSURLCredential.credentialForTrust system method. Once the TLS connection is established between the platforms, the TOE invokes its host platform to use Security Target VMware Workspace ONE Boxer Email Client 73 | P a g e ActiveSync for exchanging email with the Exchange Server via the NSURLSessionTask. In this instance, the TOE platform acts as the TLS client to initiate the secure communications to the Exchange server to send and receive emails. [iPadOS] The TOE invokes its host platform to establish a TLSv1.2 channel with the Exchange Server platform to secure all transmitted data via the NSURLCredential.credentialForTrust system method. Once the TLS connection is established between the platforms, the TOE invokes its host platform to use ActiveSync for exchanging email with the Exchange Server via the NSURLSessionTask. In this instance, the TOE platform acts as the TLS client to initiate the secure communications to the Exchange server to send and receive emails. [EC_EP] FTP_ITC_EXT.1 As described above in FTP_DIT_EXT.1, the TOE implements ActiveSync to communicate with the Exchange server over the TLS v1.2 channel established by the TOE platform. The TOE is able to send and receive emails from the operational environment over this channel.