Maintenance Addendum BlackBerry Enterprise Server Version 4.1.4 (December 2007)

Canadian Common Criteria Scheme (CCCS)

Maintenance Report

BlackBerry® Enterprise Server Version 4.1.4

 

Issued by:

Communications Security Establishment
Certification Body
Canadian Common Criteria Evaluation and Certification Scheme

© 2007 Government of Canada, Communications Security Establishment

Document number 383-7-24-MR
Version 1.0
Date December 10, 2007

1 Introduction

On 20 November 2007, Electronic Warfare Associates-Canada (EWA-Canada) submitted an Impact Analysis Report to the CCS Certification Body on behalf of Research In Motion Limited, the developer of the BlackBerry® Enterprise Server Version 4.1.4 product. The Impact Analysis Report is intended to satisfy requirements outlined in version 1.0 of the Common Criteria document CCIMB-2004-02-009: Assurance Continuity: CCRA Requirements. In accordance with those requirements, the Impact Analysis Report (IAR) describes the changes made to BlackBerry® Enterprise Server Version 4.1.4 (the maintained Target of Evaluation), the evidence updated as a result of the changes and the security impact of the changes.

2 Description of changes

The following characterizes the changes implemented in the BlackBerry® Enterprise Server Version 4.1.4. For each change, it was verified that there were no required changes to the security functional requirements in the ST, and thorough functional and regression testing was conducted by the developer to ensure that the assurance in the Target of Evaluation (TOE) was maintained. The changes in the BlackBerry® Enterprise Server Version 4.1.4 comprise bug fixes resulting from defects detected and resolved through the QA/test process and the release of Japanese variants of the TOE. The new releases are as follows:

  • BlackBerry Enterprise Server for IBM Lotus Domino Version 4.1.4 (4.1.4 bundle 24) English variant executing on Microsoft Windows Server 2003 Service Pack 1;
  • BlackBerry Enterprise Server for Microsoft Exchange Version 4.1.4 (4.1.4 bundle 25) English variant executing on Microsoft Windows Server 2003 Service Pack 1;
  • BlackBerry Enterprise Server for IBM Lotus Domino Version 4.1.4 (4.1.4 bundle 72) Japanese variant executing on Microsoft Windows Server 2003 Service Pack 1; and
  • BlackBerry Enterprise Server for Microsoft Exchange Version 4.1.4 (4.1.4 bundle 84) Japanese variant executing on Microsoft Windows Server 2003 Service Pack 1.

3 Affected developer evidence

Modifications to the product necessitated changes to a subset of the developer evidence that was previously submitted for the TOE. The set of affected developer evidence was identified in the IAR.

Modifications to the security target were made to reflect the new product versions.

4 Conclusions

Changes to the TOE were bug fixes and the release of Japanese variants. Through functional and regression testing of the BlackBerry® Enterprise Server Version 4.1.4 assurance gained in the original TOE certification was maintained. As all of the changes to the TOE have been classified as minor, it is the conclusion of the CB that the maintained TOE is appropriate for assurance continuity and re-evaluation is not required.

5 References

  • Assurance Continuity: CCRA Requirements, CCIMB-2004-02-009, version 1.0, February 2004
  • Technical Oversight for Assurance Continuity of a Certified TOE, version 1.2, October 2005
  • Certification Report EAL2+ Evaluation of Research In Motion Limited Blackberry® Enterprise Server Version 4.1.3