Languages

OS X: Security certifications and validations

This article contains references for key product certifications, cryptographic validations, and security guidance for OS X platforms.

Click a topic for more information:

Volatility Statements

Government organizations and their supporting contractors who are required to provide a Volatility Statement from the product manufacturer can obtain one by sending an email request to AppleFederal@apple.com and providing the Requesting Government Agency, Apple Product Name, Product Serial Number, and Government Technical Contact for the request.

Common Criteria Certification

Common Criteria, an internationally approved set of security standards, provides a clear and reliable evaluation of the security capabilities of Information Technology products. By providing an independent assessment of a product's ability to meet security standards, Common Criteria Certification gives customers more confidence in the security of Information Technology products and leads to more informed decisions.

Through a Common Criteria Recognition Arrangement (CCRA), twenty-six member countries have agreed to recognize the certification of Information Technology products with the same level of confidence.

Configuration & Administration Guide
About Common Criteria Audit Tools
1
1
Audit Tools Download
1
1
Whitepaper
2
2
Test Cases
2
2
Security Target
2
2
Validation Report
2
2
Validation Certificate
2
2
Conformance Claims
2
2
  1. Command line interface (CLI) Security Audit Tools are built-in to Mac OS X v10.6 and later.  See the Admin Guide.
  2. This Mac OS X version was not submitted for Common Criteria Certification.

FIPS 140 Conformance Validation

The National Institute of Standards and Technology (NIST) established the Cryptographic Module Validation Program (CMVP) that validates cryptographic modules to Federal Information Processing Standards (FIPS) 140-2 and other cryptography based standards. The CMVP is a joint effort between NIST and the Communications Security Establishment of the Government of Canada (CSEC). 

FIPS 140-2 refers specifically to the security requirements for cryptographic modules. The standard provides four increasing, qualitative levels of security: Level 1, Level 2, Level 3, and Level 4. These levels are intended to cover the wide range of potential applications and environments in which cryptographic modules may be employed.  A complete description of each level can be found within the FIPS 140-2 publication found on the NIST website (FIPS PUB 140-2).

Cryptographic Modules validated as conforming to FIPS 140-2 are accepted by the Federal Agencies of both countries for the protection of sensitive information.

The CMVP web portal contains complete details on the program, all the related standards and documents, as well as the official lists of FIPS 140-1 and FIPS 140-2 validated cryptographic modules.

Cryptographic Module Validations

All Apple FIPS 140-2 Conformance Validation Certificates can be found on the CMVP Vendor page http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/1401vend.htm.

OS X Mavericks v10.9

Related articles:

OS X Mountain Lion v10.8

Related articles:


OS X Lion v10.7

Related articles:


Mac OS X
Snow Leopard v10.6

Related articles:

 

Security Guides

Apple SCAP-On-Apple SCAP-On-Apple
UK (GCHQ) Device Guidance
Provisioning Script
Device Guidance
Provisioning Script
US (NIST) SCAP-On-Apple SCAP-On-Apple
US (NSA) SCAP-On-Apple SCAP-On-Apple
Important: Mention of third-party websites and products is for informational purposes only and constitutes neither an endorsement nor a recommendation. Apple assumes no responsibility with regard to the selection, performance or use of information or products found at third-party websites. Apple provides this only as a convenience to our users. Apple has not tested the information found on these sites and makes no representations regarding its accuracy or reliability. There are risks inherent in the use of any information or products found on the Internet, and Apple assumes no responsibility in this regard. Please understand that a third-party site is independent from Apple and that Apple has no control over the content on that website. Please contact the vendor for additional information.
Last Modified: Feb 14, 2014
Helpful?
Yes
No
Not helpful Somewhat helpful Helpful Very helpful Solved my problem
Print this page
  • Last Modified: Feb 14, 2014
  • Article: HT5588
  • Views:

    18526
  • Rating:
    • 73.0

    (59 Responses)
Start a Discussion
in Apple Support Communities
See all questions on this article See all questions I have asked