Security certifications for macOS
macOS cryptographic module validation background
Apple actively engages in the validation of Apple embedded software and hardware modules for each major release of an operating system. Validation of conformance can only be performed against a final module release version; the validation is formally submitted upon the public release of the operating system.
macOS cryptographic module validation status
The Cryptographic Module Validation Program (CMVP) maintains the validation status of cryptographic modules under four separate lists depending on their current status:
To be listed on the CMVP Implementation Under Test List, the laboratory must be contracted with Apple to provide testing.
After the testing has been completed by the laboratory, the lab has recommended validation by the CMVP, and the CMVP fees have been paid, the module is then added to the Modules in Process List. The MIP List tracks the progress of the CMVP validation efforts in four phases:
Review Pending: Waiting for CMVP resource to be assigned.
In Review: CMVP resources are performing their validation activities.
Coordination: The lab and the CMVP are resolving any issues found.
Finalization: The activities and formalities related to issuing the certificate.
After validation by the CMVP, the modules are awarded a certificate of conformance and added to the validated cryptographic modules list.
After 5 years or if the module certificate is revoked for some reason, the modules are moved to the “historical” list.
In 2020, the CMVP adopted the international standard ISO/IEC 19790 as the basis for FIPS 140-3.
FIPS 140-3 certifications
In 2020, Apple released Mac computers that are based on Apple silicon. The applicability of cryptographic modules to either Apple silicon or Intel-based Mac computers are indicated in column 3 in the table below.
Note: Apple T2 Security chips are included in many Intel-based Mac computers. For information about T2 chip certifications see Security certifications for the Apple T2 Security Chip.
The table below shows the 2020 cryptographic modules for macOS that are currently being tested by the laboratory for conformance with FIPS 140-3.
Dates | Certificates / Documents | Operating systems / Module info |
|---|---|---|
OS release date: 2020 Validation dates: — | Certificates: — Documents: — | Operating system: macOS 11 Big Sur on Apple silicon Name: Apple Corecrypto Module v11.1 Environment: Apple silicon, User, Software Type: Software Security level: 1 |
OS release date: 2020 Validation dates: — | Certificates: — Documents: — | Operating system: macOS 11 Big Sur on Apple silicon Name: Apple Corecrypto Module v11.1 Environment: Apple silicon, Kernel, Software Type: Software Security level: 1 |
OS release date: 2020 Validation dates: — | Certificates: — Documents: — | Operating system: macOS 11 Big Sur on Intel Name: Apple Corecrypto Module v11.1 Environment: Apple silicon, User, Software Type: Software Security level: 1 |
OS release date: 2020 Validation dates: — | Certificates: — Documents: — | Operating system: macOS 11 Big Sur on Intel Name: Apple Corecrypto Module v11.1 Environment: Apple silicon, Kernel, Software Type: Software Security level: 1 |
OS release date: 2020 Validation dates: — | Certificates: — Documents: — | Operating systems: iOS 14, iPadOS 14, macOS 11 Big Sur on Apple silicon, macOS 11 Big Sur on Intel, tvOS 14, watchOS 7 Name: Apple Corecrypto Module v11.1 Environment: Apple silicon, Secure key store, Hardware Type: Hardware Security level: 2 |
See a complete list of cryptographic modules at the NIST Computer Security Resource Center. You can see a list of modules currently being tested at the same website.
FIPS 140-2 certifications
The table below shows the cryptographic modules that are currently being tested and have been tested by the laboratory for conformance with FIPS 140-2.
macOS 10.15 Catalina user space, kernel space, and secure key store have completed laboratory testing and have been recommended by the laboratory to the CMVP for validation. They are listed on the Modules in Process List.
Note: Apple T2 Security chips are included in many Intel-based Mac computers. For information about T2 chip certifications see Security certifications for the Apple T2 Security Chip.
Dates | Certificates / Documents | Operating systems / Module info |
|---|---|---|
OS release date: 2019 Validation dates: — | Certificates: — Documents: — | Operating system: macOS 10.15 Catalina Name: Apple Corecrypto User Module v10.0 for Intel Type: Software Security level: 1 |
OS release date: 2019 Validation dates: — | Certificates: — Documents: — | Operating system: macOS 10.15 Catalina Name: Apple Corecrypto Kernel Module v10.0 for Intel Type: Software Security level: 1 |
OS release date: 2018 Validation dates: 2019-04-12 | Certificates: 3431 Documents: Certificate, Security Policy, Crypto Officer Guidance | Operating system: macOS 10.14 Mojave Name: Apple Corecrypto Kernel Module v9.0 for Intel Type: Software Security level: 1 |
OS release date: 2018 Validation dates: 2019-04-12 | Certificates: 3402 Documents: Certificate, Security Policy, Crypto Officer Guidance | Operating system: macOS 10.14 Mojave Name: Apple Corecrypto User Module v9.0 for Intel Type: Software Security level: 1 |
OS release date: 2017 Validation dates: 2018-03-22 | Certificates: 3516 Documents: Certificate, Security Policy, Crypto Officer Guidance | Operating systems: macOS 10.13 High Sierra Name: Apple Corecrypto Kernel Module v8.0 for Intel Type: Software Security level: 1 |
OS release date: 2017 Validation dates: 2018-03-22 | Certificates: 3155 Documents: Certificate, Security Policy, Crypto Officer Guidance | Operating system: macOS 10.13 High Sierra Name: Apple Corecrypto User Module v8.0 for Intel Type: Software Security level: 1 |
Previous versions
These previous OS X and macOS versions had cryptographic module validations. Those greater than 5 years old are listed by the CMVP with historical status:
macOS Sierra 10.12
OS X El Capitan 10.11
OS X Yosemite 10.10
OS X Mavericks 10.9
OS X Mountain Lion 10.8
OS X Lion 10.7
OS X Snow Leopard 10.6
Common Criteria (CC) certification background
Apple actively engages in the evaluation of macOS for each major release of the operating system. Evaluation can only be performed against a final publicly released version of the operating system.
Common Criteria (CC) certification status
The U.S. scheme, operated by NIAP, maintains a list of Products in Evaluation; this list includes products that are currently undergoing evaluation in the United States with a NIAP-approved Common Criteria Testing Laboratory (CCTL) and that have completed an Evaluation Kickoff Meeting (or equivalent) in which CCEVS management officially accepts the product into evaluation.
After products are certified, NIAP puts currently valid certifications on its Product Compliant list. After 2 years, these certifications are reviewed for conformance with the current assurance maintenance policy. After the assurance maintenance date has expired, NIAP moves the certification listing to its Archived Products list.
The Common Criteria Portal lists certifications that can be mutually recognized under the Common Criteria Recognition Arrangement (CCRA). The CC Portal may maintain products on the certified product list for 5 years; records are kept by the CC Portal for archived certifications.
The table below shows the certifications that are currently being evaluated by a laboratory, or that have been certified as conforming with Common Criteria.
Evaluations with NIAP for macOS evaluations using the General Purpose Operating System and Full Disk Encryption (FDE) (AA and EE) Protection Profiles are under way. For more information, see Products in evaluation (NIAP).
Operating system / Certification date | Scheme ID / Documents | Title / Protection Profiles |
|---|---|---|
Operating system: macOS Catalina 10.15 Certification date: 2020-09-23 | Scheme ID: 11077 Documents: Certificate, Security Policy, Crypto Officer Guidance | Title: macOS 10.15 Protection Profiles: PP_OS_V4.21 |
For questions about Apple Security and Privacy Certifications, contact security-certifications@apple.com.