Maintenance Report BlackBerry Enterprise Server 5.0.1 (March 2010)
Maintenance Report
p;Issued by:
Communications Security Establishment
Certification Body
Canadian Common Criteria Evaluation and Certification Scheme
© Government of Canada, Communications Security Establishment Canada, 2010
| Document number | 383-7-46-MR |
|---|---|
| Version | 1.0 |
| Date | 24 March 2010 |
Introduction
Research In Motion Limited has submitted (via EWA-Canada) the Impact Analysis Report (IAR) for BlackBerry® Enterprise Server 5.0.1, satisfying the requirements outlined in Version 1.0 of the Common Criteria document CCIMB-2004-02-009: Assurance Continuity: CCRA Requirements. In accordance with those requirements, the IAR describes the changes made to BlackBerry® Enterprise Server 5.0.1 (the maintained Target of Evaluation), the evidence updated as a result of the changes and the security impact of the changes.
Description of changes to the TOE
The following characterizes the changes implemented in the BlackBerry® Enterprise Server 5.0.1. For each change, it was verified that there were no required changes to the security functional requirements in the ST, and thorough functional and regression testing was conducted by the developer to ensure that the assurance in the Target of Evaluation (TOE) was maintained. The changes in the BlackBerry® Enterprise Server 5.0.1 comprise bug fixes.
Description of Changes to the IT Environment
Changes to the underlying IT environment are permissible under assurance continuity provided that they do not change the certified TOE. Research In Motion Limited subjected the TOE to complete regression testing on an additional operating system. In addition to running on Windows Server 2003 Service Pack 2, BlackBerry® Enterprise Server 5.0.1 runs on Windows Server 2008 Service Pack 2.
Affected developer evidence
Modifications to the product necessitated changes to a subset of the developer evidence that was previously submitted for the TOE. The set of affected developer evidence was identified in the IAR.
Conclusions
All changes to the TOE were bug fixes. Through functional and regression testing of the BlackBerry® Enterprise Server 5.0.1 assurance gained in the original TOE certification was maintained. As all of the changes to the TOE have been classified as minor, it is the conclusion of the CB that the maintained TOE is appropriate for assurance continuity and re-evaluation is not required.
References
- Assurance Continuity: CCRA Requirements, CCIMB-2004-02-009, version 1.0, February 2004 - PDF (220KB)
- Technical Oversight for Assurance Continuity of a Certified TOE, version 1.2, October 2005 - PDF (143KB)
- Certification Report for EAL 4+ Evaluation of Blackberry Enterprise Server 5.0.0, 27 April 2009