OS X: Security certifications and validations

This article contains references for key product certifications, cryptographic validations, and security guidance for OS X platforms.

Click a topic for more information:

Volatility Statements

Government organizations and their supporting contractors who are required to provide a Volatility Statement from the product manufacturer can obtain one by sending an email request to AppleFederal@apple.com and providing the Requesting Government Agency, Apple Product Name, Product Serial Number, and Government Technical Contact for the request.

Common Criteria Certification

Common Criteria, an internationally approved set of security standards, provides a clear and reliable evaluation of the security capabilities of Information Technology products. By providing an independent assessment of a product's ability to meet security standards, Common Criteria Certification gives customers more confidence in the security of Information Technology products and leads to more informed decisions.

Through a Common Criteria Recognition Arrangement (CCRA), twenty-six member countries have agreed to recognize the certification of Information Technology products with the same level of confidence.

 OS X Mountain Lion v10.8OS X Lion v10.7
Configuration & Administration Guide

Admin Guide v2.1

Admin Guide v2.1

About Common Criteria Audit Tools

1

1

Audit Tools Download

1

1

Whitepaper

2

2

Test Cases

2

2

Security Target

2

2

Validation Report

2

2

Validation Certificate

2

2

Conformance Claims

2

2

  1. Command line interface (CLI) Security Audit Tools are built-in to Mac OS X v10.6 and later.  See the Admin Guide.
  2. This Mac OS X version was not submitted for Common Criteria Certification.

FIPS 140 Conformance Validation

The National Institute of Standards and Technology (NIST) established the Cryptographic Module Validation Program (CMVP) that validates cryptographic modules to Federal Information Processing Standards (FIPS) 140-2 and other cryptography based standards. The CMVP is a joint effort between NIST and the Communications Security Establishment of the Government of Canada (CSEC). 

FIPS 140-2 refers specifically to the security requirements for cryptographic modules. The standard provides four increasing, qualitative levels of security: Level 1, Level 2, Level 3, and Level 4. These levels are intended to cover the wide range of potential applications and environments in which cryptographic modules may be employed.  A complete description of each level can be found within the FIPS 140-2 publication found on the NIST website (FIPS PUB 140-2).

Cryptographic Modules validated as conforming to FIPS 140-2 are accepted by the Federal Agencies of both countries for the protection of sensitive information.

The CMVP web portal contains complete details on the program, all the related standards and documents, as well as the official lists of FIPS 140-1 and FIPS 140-2 validated cryptographic modules.

Cryptographic Module Validations

All Apple FIPS 140-2 Conformance Validation Certificates can be found on the CMVP Vendor page http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/1401vend.htm.

OS X Mavericks v10.9

Related articles:

OS X Mountain Lion v10.8

Related articles:


OS X Lion v10.7

Related articles:


Mac OS X Snow Leopard v10.6

Related articles:

Security Guides

OrganizationOS X 10.9OS X 10.8
AppleSCAP-On-AppleSCAP-On-Apple
UK (GCHQ)Device Guidance
Provisioning Script
Device Guidance
Provisioning Script
US (NIST)SCAP-On-AppleSCAP-On-Apple
US (NSA)SCAP-On-AppleSCAP-On-Apple

Information about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. Risks are inherent in the use of the Internet. Contact the vendor for additional information.

Last Modified: Oct 6, 2014
Helpful?
Yes
No
  • Last Modified: Oct 6, 2014
  • Article: HT201159
  • Views:

    227

Additional Product Support Information

Start a Discussion
in Apple Support Communities
See all questions on this article See all questions I have asked