Maintenance Addendum BlackBerry Smartphone Version 4.6.0

Canadian Common Criteria Scheme (CCCS)

Maintenance Report

BlackBerry® Smartphone Version 4.6.0

 Issued by:

Communications Security Establishment

Certification Body

Canadian Common Criteria Evaluation and Certification Scheme

© 2008 Government of Canada, Communications Security Establishment Canada

Document number 383-7-34-MR
Version 1.0
Date December 18, 2008

1 Introduction

On 26 November 2008, Electronic Warfare Associates-Canada (EWA-Canada) submitted an Impact Analysis Report to the CCS Certification Body on behalf of Research In Motion Limited, the developer of the BlackBerry® Smartphone Version 4.6.0 product. The Impact Analysis Report is intended to satisfy requirements outlined in version 1.0 of the Common Criteria document CCIMB-2004-02-009: Assurance Continuity: CCRA Requirements. In accordance with those requirements, the Impact Analysis Report (IAR) describes the changes made to BlackBerry® Wireless Handheld Software Version 4.3.0 (the maintained Target of Evaluation), the evidence updated as a result of the changes and the security impact of the changes.

2 Description of changes to the TOE

The following characterizes the changes implemented in the BlackBerry® Smartphone Version 4.6.0. For each change, it was verified that there were no required changes to the security functional requirements in the ST, and thorough functional and regression testing was conducted by the developer to ensure that the assurance in the Target of Evaluation (TOE) was maintained. The changes in the BlackBerry® Smartphone Version 4.6.0 comprise bug fixes and performance improvements to the cryptographic module. The crypto module validation is covered by FIPS 140-2 validation certificate as indicated below. Changes to the TOE include:

  • BlackBerry Smartphone Version 4.6.0, Bundle 281 (4.6.0.155, Platform 4.1.0.55, Cryptographic Kernel 3.8.5.50a cert # pending);
  • BlackBerry Smartphone Version 4.6.0, Bundle 296 (4.6.0.165, Platform 4.1.0.55, Cryptographic Kernel 3.8.5.50a cert # pending);
  • BlackBerry Smartphone Version 4.6.0, Bundle 243 (4.6.0.126, Platform 4.0.0.135, Cryptographic Kernel 3.8.5.48 cert # pending);
  • BlackBerry Smartphone Version 4.6.0, Bundle 263 (4.6.0.144, Platform 4.0.0.143, Cryptographic Kernel 3.8.5.50a cert # pending);
  • BlackBerry Smartphone Version 4.6.0, Bundle 292 (4.6.0.162, Platform 4.0.0.155, Cryptographic Kernel 3.8.5.50a cert # pending); and
  • BlackBerry Smartphone Version 4.6.0, Bundle 298 (4.6.0.167, Platform 4.0.0.157, Cryptographic Kernel 3.8.5.50a cert # pending).

3 Description of Changes to the IT Environment

Changes to the underlying IT environment are permissible under assurance continuity provided that they do not change the certified TOE. Research In Motion Limited subjected the TOE to complete regression testing on all platforms. Changes to the IT environments hardware are:

  • BlackBerry Smartphone Version 4.6.0 Bundles 281 and 296 executing on the BlackBerry 8220; and
  • BlackBerry Smartphone Version 4.6.0 Bundles 243, 263, 292 and 298 executing on the BlackBerry 9000.

4 Affected developer evidence

Modifications to the product necessitated changes to a subset of the developer evidence that was previously submitted for the TOE. The set of affected developer evidence was identified in the IAR.

5 Conclusion

All changes to the TOE were bug fixes and performance improvements. Through functional and regression testing of the BlackBerry® Smartphone Version 4.6.0 assurance gained in the original TOE certification was maintained. As all of the changes to the TOE have been classified as minor, it is the conclusion of the CB that the maintained TOE is appropriate for assurance continuity and re-evaluation is not required.

6 References