Cryptographic module validation status information
The Cryptographic Module Validation Program (CMVP) maintains the validation status of cryptographic modules under three separate lists depending on their current status:
To be listed on the CMVP Implementation Under Test List, the laboratory must be contracted with Apple to provide testing.
After the testing has been completed by the laboratory, the lab has recommended validation by the CMVP and the CMVP fees have been paid, the module is then added to the Modules in Process List. The MIP List tracks the progress of the CMVP validation efforts in four phases:
Review Pending: Waiting for CMVP resource to be assigned.
In Review: CMVP resources are performing their validation activities.
Coordination: The lab and the CMVP are resolving any issues found.
Finalisation: The activities and formalities related to issuing the certificate.
After validation by the CMVP, the modules are awarded a certificate of conformance and added to the validated cryptographic modules list. This includes:
Validated modules that are marked as active.
After 5 years the modules are marked as historical.
If the module certificate is revoked for some reason, then it is marked as revoked.
In 2020, the CMVP adopted the international standard ISO/IEC 19790 as the basis for FIPS 140-3.
For questions about Apple Security and Privacy Certifications, contact security-certifications@apple.com.