National regulations security certifications
Some nations maintain regulations and policies to qualify devices for specific use scenarios. National legislation and policy can result in specific requirements for security that must be met in order to qualify devices for their specific use cases, such as secure or restricted communications. These aforementioned use cases are often related to use by government agencies, but may also include national security-related legislation and regulation for devices to be approved for use nationwide.
Apple is actively participating in several governmental security evaluations and certifications globally.
Germany
The German federal office for information security (Bundesamt für Sicherheit in der Informationstechnik, BSI) is the agency responsible for commissioning the security evaluation and qualification of our devices for all the German federal government entities.
The BSI has examined the general security features and the possibilities for the secure use of the devices for the iOS and iPadOS operating systems. The tests have confirmed the effectiveness of the embedded security features and concluded that the apps for Calendar, Contacts and Mail integrated into commercial iPhone and iPad devices also complement the existing portfolio of secure mobile solutions when processing information in the classification level “Verschlusssache - nur für den Dienstgebrauch”.
The evaluation was performed by an independent laboratory and BSI, on the basis of the standards and methodology of the internationally recognised Common Criteria at EAL4+ assurance level. The solution is known as indigo. (cf. BSI-approved IT security products and systems). The table below shows the current indigo certification status.
Operating system and certification date | Scheme ID | Protection Profiles |
---|---|---|
Operating system: iOS/iPadOS 18 (Operating permit) Certification date: 11-10-2024 | BSI-VSA-10901 | Mobile Solutions for Government Operations |
Operating system: iOS/iPadOS 17 (Full approval) Certification date: 18-06-2024 | BSI-VSA-10871 | Mobile Solutions for Government Operations |
Operating system: iOS/iPadOS 17 (Operating permit) Certification date: 18-06-2024 | BSI-VSA-10872 | Mobile Solutions for Government Operations |
United States
The United States has policies regarding the use of devices in Government settings. These include the requirements for Common Criteria evaluations using protection profiles approved by the National Information Assurance Partnership (NIAP) and FIPS 140-3 certification for all cryptography used by the US Government. The relevant certifications are given on the pages for hardware, operating systems and app certifications.
Spain
The CPSTIC is the Spain National Cryptologic Centre’s Catalogue of Information and Communication Technology Security Products and Services. The purpose of this catalogue is to offer public entities a set of reference products or services whose security functionalities related to the object of their acquisition have been certified. Users can check the Apple products that have been qualified and included in the CPSTIC on their website.
For questions about Apple Security and Privacy Certifications, contact security-certifications@apple.com.