Maintenance Addendum BlackBerry Smartphone Versions 4.6.1 and 4.7.0
Maintenance Report
Issued by:
Communications Security Establishment
Certification Body
Canadian Common Criteria Evaluation and Certification Scheme
2009 Government of Canada, Communications Security Establishment Canada
| Document number | 383-7-38-MR |
|---|---|
| Version | 1.0 |
| Date | February 20, 2009 |
Introduction
Research In Motion Limited has submitted (via EWA-Canada) the Impact Analysis Report (IAR) for BlackBerry® Smartphone Versions 4.6.1 and 4.7.0, satisfying the requirements outlined in Version 1.0 of the Common Criteria document CCIMB-2004-02-009: Assurance Continuity: CCRA Requirements. In accordance with those requirements, the IAR describes the changes made to BlackBerry® Smartphone Version 4.6.0 (the maintained Target of Evaluation), the evidence updated as a result of the changes and the security impact of the changes.
Description of changes to the TOE
The following characterizes the changes implemented in the BlackBerry® Smartphone Versions 4.6.1 and 4.7.0. For each change, it was verified that there were no required changes to the security functional requirements in the ST, and thorough functional and regression testing was conducted by the developer to ensure that the assurance in the Target of Evaluation (TOE) was maintained. The changes in the BlackBerry® Smartphone Versions 4.6.1 and 4.7.0 comprise bug fixes and performance improvements to the cryptographic module. The crypto module validation is covered by FIPS 140-2 validation certificates as indicated below. Changes to the TOE include:
- BlackBerry® Smartphone Version 4.6.1, Bundle 142 (4.6.1.83, Platform 3.0.0.41, Cryptographic Kernel 3.8.5.50a cert # pending 1) executing on device 8350i;
- BlackBerry® Smartphone Version 4.6.1, Bundle 167 (4.6.0.101, Platform 4.2.0.72, Cryptographic Kernel 3.8.5.50a cert # pending) executing on device 8900;
- BlackBerry® Smartphone Version 4.7.0, Bundle 111 (4.7.0.78, Platform 4.0.0.98, Cryptographic Kernel 3.8.5.51 cert # pending) executing on device 9500;
- BlackBerry® Smartphone Version 4.7.0, Bundle 107 (4.7.0.75, Platform 4.0.0.94, Cryptographic Kernel 3.8.5.51 cert # pending) executing on device 9530; and
- BlackBerry® Smartphone Version 4.7.0, Bundle 109 (4.7.0.76, Platform 4.0.0.96, Cryptographic Kernel 3.8.5.51 cert # pending) executing on device 9530.
Description of Changes to the IT Environment
Changes to the underlying IT environment are permissible under assurance continuity provided that they do not change the certified TOE. Research In Motion Limited subjected the TOE to complete regression testing on all platforms. Changes to the IT environments hardware are:
- BlackBerry® Smartphone Version 4.6.1 Bundle 142 executing on the BlackBerry 8350i device;
- BlackBerry® Smartphone Version 4.6.1 Bundle 167 executing on the BlackBerry 8900 device;
- BlackBerry® Smartphone Version 4.7.0 Bundle 111 executing on the BlackBerry 9500 device; and
- BlackBerry® Smartphone Version 4.7.0 Bundles 107 and 109 executing on the BlackBerry 9530 device.
Affected developer evidence
Modifications to the product necessitated changes to a subset of the developer evidence that was previously submitted for the TOE. The set of affected developer evidence was identified in the IAR.
Conclusions
All changes to the TOE were bug fixes and performance improvements. Through functional and regression testing of the BlackBerry® Smartphone Versions 4.6.1 and 4.7.0 assurance gained in the original TOE certification was maintained. As all of the changes to the TOE have been classified as minor, it is the conclusion of the CB that the maintained TOE is appropriate for assurance continuity and re-evaluation is not required.
References
Assurance Continuity: CCRA Requirements, CCIMB-2004-02-009, version 1.0, February 2004 - PDF (220KB)
Technical Oversight for Assurance Continuity of a Certified TOE, version 1.2, October 2005 - PDF (143KB)