Glossary
- Apple Business Manager
A simple, web-based portal for IT administrators that provides a fast, streamlined way for organisations to deploy Apple devices that they have purchased directly from Apple or from a participating Apple Authorised Reseller or carrier. They can automatically enrol devices in their mobile device management (MDM) solution without having to physically touch or prepare the devices before users get them.
- Apple Push Notification service (APNs)
A worldwide service provided by Apple that delivers push notifications to Apple devices.
- collaborative Protection Profile (cPP)
A Protection Profile developed by an international Technical Community, a group of experts charged with the creation of cPPs.
- Common Criteria (CC)
A standard that establishes the general concepts and principles of IT security evaluation and specifies a general model of evaluation. It includes catalogues of security requirements in a standardised language.
- Common Criteria Recognition Arrangement (CCRA)
A mutual recognition arrangement that establishes the policies and requirements for international recognition of certificates issued in accordance with the ISO/IEC 15408 series or Common Criteria standards.
- corecrypto
A library that provides implementations of low-level cryptographic primitives. Note that corecrypto does not directly provide programming interfaces for developers and is used through APIs provided to developers. The corecrypto source code is publicly available to allow for verification of its security characteristics and correct functioning.
- Cryptographic Algorithm Validation Program (CAVP)
An organisation operated by NIST to provide validation testing of Approved (for example, FIPS-approved and NIST-recommended) cryptographic algorithms and their individual components.
- cryptographic module
The hardware, software and/or firmware that provide cryptographic functions and meet the requirements of a stated cryptographic module standard.
- Cryptographic Module Validation Program (CMVP)
An organisation operated by the US and Canadian governments to validate conformance with the FIPS 140-3 standard.
- Federal Information Processing Standard (FIPS)
Publications developed by the National Institute of Standards and Technology when required by statute, when there are compelling federal government requirements for cybersecurity, or both.
- Full Disk Encryption (FDE)
Encryption of all data on a storage volume.
- Implementation under Test (IUT)
A cryptographic module being tested by a laboratory.
- Information Security Management System (ISMS)
A set of information security policies and procedures governing the boundaries of a security program designed to protect a scope of information and systems by systematically managing information security throughout the information and/or system’s life cycle.
- international Technical Community (iTC)
A group responsible for developing Protection Profiles or collaborative Protection Profiles under the auspices of the Common Criteria Recognition Arrangement (CCRA).
- IPsec VPN Client
In a Protection Profile, a client that provides a secure IPsec connection between a physical or virtual host platform and a remote location.
- Managed Apple ID
Like any Apple ID, Managed Apple IDs are used to sign in to a personal or shared device. They are also used to access Apple services (such as iCloud and Apple School Manager). Unlike Apple IDs, Managed Apple IDs are owned and managed by your school or local authority and are designed to meet the needs of education institutions — including passcode resets, limitations on communications and role-based administration. Apple School Manager makes it easy to create a unique Managed Apple ID for each person in bulk.
- mobile device management (MDM)
A service that lets the user remotely manage enrolled devices. After a device is enrolled, the user can use the MDM service over the network to configure settings and perform other tasks on the device without user interaction.
- Modules in Process (MIP)
A list maintained by the Cryptographic Module Validation Program (CMVP) of cryptographic modules currently in the CMVP validation process.
- National Information Assurance Partnership (NIAP)
An organisation of the US government responsible for operating the US implementation of the Common Criteria standard and managing the NIAP Common Criteria Evaluation and Validation Scheme (CCEVS).
- National Institute of Standards and Technology (NIST)
A part of the US Department of Commerce responsible for advancing measurement science, standards and technology.
- Protection Profile (PP)
A document specifying the security problem and the security requirements for a particular class of products.
- Secure Element (SE)
A silicon chip embedded in many Apple devices that supports functions such as Apple Pay.
- Secure Enclave Processor (SEP)
A coprocessor fabricated within a system on chip (SoC).
- Security Level (SL)
The four overall security levels (1–4) that are defined within ISO/IEC 19790 to describe sets of applicable security requirements. Level 4 is the most stringent.
- Security Target (ST)
A document that specifies the security problem and security requirements for a particular product.
- Senior Officials Group Information Systems Security (SOG-IS)
A group that manages a mutual recognition agreement between several European nations.
- sepOS
The Secure Enclave firmware based on an Apple-customised version of the L4 microkernel.
- Statement of Applicability (SOA)
A document that describes the security controls implemented in the scope of an ISMS, produced in support of an ISO/IEC 27001 certification.
- system on chip (SoC)
An integrated circuit (IC) that incorporates multiple components into a single chip.
- T2
An Apple security chip included in some Intel-based Mac computers since 2017.