Security certifications for Apple Applications

This article contains references for key product certifications, cryptographic validations, and security guidance for Apple native applications provided as part of an operating system.

In addition to the general certificates listed here, other certificates may have been issued in order to demonstrate specific security requirements for some markets. 

Contact us at security-certifications@apple.com if you have any questions.

The following documents can be useful in context with these certifications and validations:

For information on public certifications related to Apple Internet Services, see:

For information on public certifications related to Apple applications, see:

For information on public certifications related to Apple operating systems, see:

For information on public certifications related to hardware and associated firmware components, see:

For information on hardening guides for Apple devices, see:

Cryptographic module validations

All Apple FIPS 140-2/-3 Conformance Validation Certificates are on the CMVP web site. Apple actively engages in the validation of the CoreCrypto User and CoreCrypto Kernel modules for each major release of an operating system. Validation of conformance can only be performed against a final module release version and formally submitted upon OS public release. 

The CMVP maintains the validation status of cryptographic modules under four separate lists depending on their current status. The modules might begin in the Implementation Under Test List and then proceed to the Modules in Process List. Once validated, they appear on the validated cryptographic modules list, and after five years are moved to the "historical" list.

In 2020, the CMVP adopt the international standard, ISO/IEC 19790, as the basis for FIPS 140-3.

For more information about FIPS 140-2/-3 validations, see Apple Platform Security.

Apple’s native applications invoke the cryptographic modules that have been validated as part of the underlying platform. These are shown in the table below.

  CMVP Certificate Number Module Name Module Type SL Validation Date Documents
Please check the Implementation Under Test List and the Modules in Process List.
iOS 12 3438 Apple CoreCrypto Kernel Module v9.0 for ARM SW 1 2019-04-23
3433 Apple CoreCrypto User Module v9.0 for ARM SW 1 2019-04-11
3523 Apple Secure Key Store Cryptographic Module v9.0
(sepOS)
HW 2 2019-09-10
iOS 11 3148 Apple CoreCrypto User Module v8.0 for ARM SW 1 2018-03-09

2018-05-22

2018-07-06
3147 Apple CoreCrypto Kernel Module v8.0 for ARM SW 1 2018-03-09

2018-05-17

2018-07-03
3223 Apple Secure Key Store Cryptographic Module v1.0
(sepOS)
HW 1 2019-09-10

Common Criteria (CC) certifications

NIAP typically maintain evaluations on the Product Compliant List for two years, after which they are reviewed for conformance with the current assurance maintenance policy. The CC Portal may maintain products on the certified product list for five years. 

The Common Criteria Portal lists certifications that can be mutually recognized under the Common Criteria Recognition Arrangement (CCRA).

For more information about Common Criteria certifications, see Apple Platform Security.

In 2018, Apple initiated application security evaluations for key applications ruining on iOS 11 with the Safari browser and Contacts applications.

In 2019, Apple continued these with the Safari browser and Contacts applications running in iOS 12.

Apple will pursue further security evaluations of key applications on future operating system releases.

 

  Scheme ID Title Protection Profile(s) Date Certified Documents

Evaluations with NIAP for iOS13 (iPhone & iPad mobile device/VPN/Wireless/MDM Agent), Safari and Contacts are underway. For macOS: evaluations using the General purpose operating system and full disk encryption (AA and EE) Protection Profiles are underway. 

Products in evaluation (NIAP)

iOS 12 10960 iOS 12 Safari PP for Application SW

EP for Web Browsers
2019-06-12
10961 iOS 12 Contacts PP for Application SW 2019-02-28
iOS 11 10916 iOS 11 Safari PP for Application SW

EP for Web Browsers
2018-11-09
10915 iOS 11 Contacts PP for Application SW 2018-09-13

Information about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. Contact the vendor for additional information.

Published Date: