Glossary

Apple Business Manager

A simple, web-based portal for IT administrators that provides a fast, streamlined way for organizations to deploy Apple devices that they have purchased directly from Apple or from a participating Apple Authorized Reseller or carrier. They can automatically enroll devices in their mobile device management (MDM) solution without having to physically touch or prepare the devices before users get them.

Apple Business Essentials

Apple Business Essentials is one complete subscription that seamlessly brings together device management, 24/7 support, and cloud storage so small business can manage every employee’s iPhone, iPad, and Mac every step of the way.

Apple Push Notification service (APNs)

A worldwide service provided by Apple that delivers push notifications to Apple devices.

Apple School Manager

A simple, web-based portal for IT administrators that provides a fast, streamlined way for organizations to deploy Apple devices that they have purchased directly from Apple or from a participating Apple Authorized Reseller or carrier. They can automatically enroll devices in their mobile device management (MDM) solution without having to physically touch or prepare the devices before users get them.

collaborative Protection Profile (cPP)

A Protection Profile developed by an international Technical Community, a group of experts charged with the creation of cPPs.

Common Criteria (CC)

A standard that establishes the general concepts and principles of IT security evaluation and specifies a general model of evaluation. It includes catalogs of security requirements in a standardized language.

Common Criteria Recognition Arrangement (CCRA)

A mutual recognition arrangement that establishes the policies and requirements for international recognition of certificates issued in accordance with the ISO/IEC 15408 series or Common Criteria standards.

corecrypto

A library that provides implementations of low-level cryptographic primitives. Note that corecrypto does not directly provide programming interfaces for developers and is used through APIs provided to developers. The corecrypto source code is publicly available to allow for verification of its security characteristics and correct functioning.

cryptographic module

The hardware, software, and/or firmware that provide cryptographic functions and meet the requirements of a stated cryptographic module standard.

Cryptographic Algorithm Validation Program (CAVP)

An organization operated by NIST to provide validation testing of Approved (for example, FIPS-approved and NIST-recommended) cryptographic algorithms and their individual components.

Cryptographic Module Validation Program (CMVP)

An organization operated by the U.S. and Canadian governments to validate conformance with the FIPS 140-3 standard.

Federal Information Processing Standard (FIPS)

Publications developed by the National Institute of Standards and Technology, either when required by statute, or when there are compelling federal government requirements for cybersecurity, or both.

Full Disk Encryption (FDE)

Encryption of all data on a storage volume.

Implementation under Test (IUT)

A cryptographic module being tested by a laboratory.

Information Security Management System (ISMS)

A set of information security policies and procedures governing the boundaries of a security program designed to protect a scope of information and systems by systematically managing information security throughout the information and or system’s life cycle.

international Technical Community (iTC)

A group responsible for developing Protection Profiles or collaborative Protection Profiles under the auspices of the Common Criteria Recognition Arrangement (CCRA).

IPsec VPN Client

In a Protection Profile, a client that provides a secure IPsec connection between a physical or virtual host platform and a remote location.

mobile device management (MDM)

A service that lets the user remotely manage enrolled devices. After a device is enrolled, the user can use the MDM service over the network to configure settings and perform other tasks on the device without user interaction.

Modules in Process (MIP)

A list maintained by the Cryptographic Module Validation Program (CMVP) of cryptographic modules currently in the CMVP validation process.

National Information Assurance Partnership (NIAP)

An organization of the U.S. government responsible for operating the U.S. implementation of the Common Criteria standard and managing the NIAP Common Criteria Evaluation and Validation Scheme (CCEVS).

National Institute of Standards and Technology (NIST)

A part of the U.S. Department of Commerce responsible for advancing measurement science, standards, and technology.

Protection Profile (PP)

A document specifying the security problem and the security requirements for a particular class of products.

Secure Element (SE)

A silicon chip embedded in many Apple devices that supports functions such as Apple Pay.

Secure Enclave Processor (SEP)

A coprocessor fabricated within a system on chip (SoC).

Security Level (SL)

The four overall security levels (1–4) that are defined within ISO/IEC 19790 to describe sets of applicable security requirements. Level 4 is the most stringent.

Security Target (ST)

A document that specifies the security problem and security requirements for a particular product.

Senior Officials Group Information Systems Security (SOG-IS)

A group that manages a mutual recognition agreement between several European nations.

sepOS

The Secure Enclave firmware, based on an Apple-customized version of the L4 microkernel.

Statement of Applicability (SOA)

A document that describes the security controls implemented in the scope of an ISMS, produced in support of an ISO/IEC 27001 certification.

system on chip (SoC)

An integrated circuit (IC) that incorporates multiple components into a single chip.