macOS security certifications
macOS certification background
Apple actively engages in the provision of security assurance of macOS for each major release of an operating system using appropriate Protection Profiles and for the cryptographic modules, FIPS 140-3 requirements.
Validation of conformance can be performed only against a final released version of macOS.
macOS cryptographic module validation status
The Cryptographic Module Validation Program (CMVP) maintains the validation status of cryptographic modules under three separate lists depending on their current status.
For more information, see Cryptographic module validation status information.
For Apple computers, the table below shows which cryptographic modules are applicable to which Mac technology.
Cryptographic module | Security Level | Mac computers with Apple silicon | Mac computers with the Apple T2 Security Chip | Intel-based Mac computers without the Apple T2 Security Chip | |||||||
---|---|---|---|---|---|---|---|---|---|---|---|
Apple silicon User Space | 1 | ||||||||||
Apple silicon Kernel | 1 | ||||||||||
Intel User Space | 1 | ||||||||||
Intel Kernel | 1 | ||||||||||
Secure Key Store | 2 | ||||||||||
Secure Key Store | 2 (with Physical Security L3) |
FIPS 140-3 certifications
In 2020, Apple released Mac computers that are based on Apple silicon. The applicability of cryptographic modules to either Apple silicon or Intel-based Mac computers is indicated in the Module Info column in the table below.
Note: Apple T2 Security chips are included in many Intel-based Mac computers. For information about T2 chip certifications see Apple T2 Security Chip security certifications.
macOS ssh client
OpenSSH can be configured to use FIPS 140-3 validated modules for select FIPS 140-3 algorithms.Organisations can run a signed and notarised installer that is available from Apple with the password FIPS140Mode. The installer places two files on the Mac computer:
fips_ssh_config: Placed in /private/etc/ssh/ssh_config.d/
fips_sshd_config: Placed in /private/etc/ssh/sshd_config.d/
macOS then uses these files to limit the ciphers available to OpenSSH to only those that have been validated by NIST and ensures the OpenSSH client uses the platform-provided, validated cryptographic module. Administrators can also create their own files. For more information, see the apple_ssh_and_fips
man page in macOS 12.0.1 or later.
The table below shows the Apple cryptographic modules that are currently being tested by a laboratory, that have been recommended by a laboratory for validation by the CMVP, or that have been validated and certified as conformant to FIPS 140-3 by the CMVP.
Dates | Certificates/Documents | Module info |
---|---|---|
Operating system release date: 2022 Validation dates: — | Certificates: Not yet certified | Title: Apple Corecrypto Module v13.0 Operating system: macOS 13 Ventura on Apple silicon Environment: Apple silicon/ARM, User, Software Type: Software Security Level: 1 |
Operating system release date: 2022 Validation dates: — | Certificates: Not yet certified | Title: Apple Corecrypto Module v13.0 Operating system: macOS 13 Ventura on Apple silicon Environment: Apple silicon/ARM, Kernel, Software Type: Software Security Level: 1 |
Operating system release date: 2022 Validation dates: — | Certificates: Not yet certified | Title: Apple Corecrypto Module v13.0 Operating system: sepOS distributed with macOS 13 Ventura on Apple silicon Environment: Apple silicon, Secure Key Store, Hardware Type: Hardware (M1, M1 Pro, M1 Max, M1 Ultra, M2) Security Level: 2 Physical Security Level: 3 |
Operating system release date: 2022 Validation dates: — | Certificates: Not yet certified | Title: Apple Corecrypto Module v13.0 Operating system: macOS 13 Ventura on Intel Environment: Intel, User, Software Type: Software Security Level: 1 |
Operating system release date: 2022 Validation dates: — | Certificates: Not yet certified | Title: Apple Corecrypto Module v13.0 Operating system: macOS 13 Ventura on Intel Environment: Intel, Kernel, Software Type: Software Security Level: 1 |
Operating system release date: 2022 Validation dates: — | Certificates: Not yet certified | Title: Apple Corecrypto Module v13.0 Operating system: sepOS distributed with macOS 13 Ventura ARM T2 Environment: T2, Secure Key Store, Hardware Type: Hardware (T2) Security Level: 2 |
Operating system release date: 2021 Validation dates: 01-10-2024 | Certificates: 4817 | Title: Apple Corecrypto Module v12.0 Operating system: macOS 12 Monterey on Apple silicon Environment: Apple silicon, User, Software Type: Software Security Level: 1 |
Operating system release date: 2021 Validation dates: — | Certificates: Not yet certified | Title: Apple Corecrypto Module v12.0 Operating system: macOS 12 Monterey on Apple silicon Environment: Apple silicon, Kernel, Software Type: Software Security Level: 1 |
Operating system release date: 2021 Validation dates: — | Certificates: Not yet certified | Title: Apple Corecrypto Module v12.0 Operating system: sepOS distributed with macOS 12 Monterey on Apple silicon Environment: Apple silicon, Secure Key Store, Hardware Type: Hardware (M1, M1 Pro, M1 Max) Security Level: 2 Physical Security Level: 3 |
Operating system release date: 2021 Validation dates: — | Certificates: Not yet certified | Title: Apple Corecrypto Module v12.0 Operating system: macOS 12 Monterey on Intel Environment: Intel, User, Software Type: Software Security Level: 1 |
Operating system release date: 2021 Validation dates: — | Certificates: Not yet certified | Title: Apple Corecrypto Module v12.0 Operating system: macOS 12 Monterey on Intel Environment: Intel, Kernel, Software Type: Software Security Level: 1 |
Operating system release date: 2021 Validation dates: — | Certificates: Not yet certified | Title: Apple Corecrypto Module v12.0 Operating system: sepOS distributed with macOS 12 Monterey on Intel with T2 Environment: Intel, Secure Key Store, Hardware Type: Hardware (T2) Security Level: 2 |
Operating system release date: 2020 Validation dates: 07-12-2022 | Certificates: 4389 | Title: Apple Corecrypto Module v11.1 Operating system: macOS 11 Big Sur on Intel Environment: Intel, User, Software Type: Software Security Level: 1 |
Operating system release date: 2020 Validation dates: 07-12-2022 | Certificates: 4390 | Title: Apple Corecrypto Module v11.1 Operating system: macOS 11 Big Sur on Intel Environment: Intel, Kernel, Software Type: Software Security Level: 1 |
Operating system release date: 2020 Validation dates: 07-12-2022 | Certificates: 4391 | Title: Apple Corecrypto Module v11.1 Operating system: macOS 11 Big Sur on Apple silicon Environment: Apple silicon, User, Software Type: Software Security Level: 1 |
Operating system release date: 2020 Validation dates: 07-12-2022 | Certificates: 4392 | Title: Apple Corecrypto Module v11.1 Operating system: macOS 11 Big Sur on Apple silicon Environment: Apple silicon, Kernel, Software Type: Software Security Level: 1 |
Operating system release date: 2020 Validation dates: 09-08-2024 | Certificates: 4756 | Title: Apple Corecrypto Module v11.1 Operating system: sepOS distributed with macOS 11 Big Sur on Apple silicon, sepOS distributed with macOS 11 Big Sur on Intel Environment: Apple silicon, Secure Key Store, Hardware Type: Hardware (M1) Security Level: 2 |
Operating system release date: 2020 Validation dates: 09-08-2024 | Certificates: 4757 | Title: Apple Corecrypto Module v11.1 Operating system: sepOS distributed with macOS 11 Big Sur on Apple silicon Environment: Apple silicon, Secure Key Store, Hardware Type: Hardware (M1) Security Level: 2 Physical Security Level: 3 |
FIPS 140-2 certifications
Note: Apple T2 Security chips are included in many Intel-based Mac computers. For information about T2 chip certifications see Apple T2 Security Chip security certifications.
The table below shows the cryptographic modules that are certified by the CMVP as conformant with FIPS 140-2.
Dates | Certificates/Documents | Module info |
---|---|---|
Operating system release date: 2019 Validation dates: 24-03-2021 | Certificates: 3859 | Title: Apple Corecrypto User Space Module for Intel (ccv10) Operating system: macOS 10.15 Catalina Type: Software Security Level: 1 |
Operating system release date: 2019 Validation dates: 24-03-2021 | Certificates: 3858 | Title: Apple Corecrypto Kernel Module v10.0 for Intel (ccv10) Operating system: macOS 10.15 Catalina Type: Software Security Level: 1 |
Previous versions
These OS X and macOS versions previously had cryptographic module validations. Those more than five years old are listed by the CMVP with historical status:
2018 in macOS 10.14 Mojave-FIPS 140-2
2017 in macOS 10.13 High Sierra-FIPS 140-2
2016 in macOS 10.12 Sierra-FIPS 140-2
2015 in OS X 10.11 El Capitan-FIPS 140-2
2014 in OS X 10.10 Yosemite-FIPS 140-2
2013 in OS X 10.9 Mavericks-FIPS 140-2
2012 in OS X 10.8 Mountain Lion-FIPS 140-2
2011 in OS X 10.7 Lion-FIPS 140-2
2009 in OS X 10.6 Snow Leopard-FIPS 140-2
Common Criteria (CC) certification background
Apple actively engages in the evaluation of macOS for each major release of the operating system. Evaluation can only be performed against a final publicly released version of the operating system.
Common Criteria (CC) certification status
The US scheme, operated by the National Information Assurance Project (NIAP), maintains a list of Products in Evaluation; this list includes products that are currently undergoing evaluation in the United States with a NIAP-approved Common Criteria Testing Laboratory (CCTL) and that have completed an Evaluation Kickoff Meeting (or equivalent) in which CCEVS management officially accepts the product into evaluation.
For more information, see Common Criteria (CC) certification status information.
The table below shows the certifications that are currently being evaluated by a laboratory or that have been certified as conforming with Common Criteria.
Operating system / Certification date | Scheme ID / Documents | Title / Protection Profiles |
---|---|---|
Operating system: macOS 14 Sonoma Certification date: — | Scheme ID: Not yet certified | Title: Apple macOS 14 Sonoma Protection Profiles: PP-Configuration for General Purpose Operating Systems MDM Agent, Biometric enrolment/verification for unlocking the device, and Bluetooth |
Operating system: macOS 14 Sonoma Certification date: — | Scheme ID: Not yet certified | Title: Apple FileVault 2 with macOS 14 Sonoma Protection Profiles: Full Drive Encryption - Authorisation Acquisition Full Drive Encryption - Encryption Engine Version |
Operating system: macOS 13 Ventura Certification date: 06-02-2024 | Scheme ID: 11347 | Title: macOS 13 Ventura Protection Profiles: PP-Configuration for General Purpose Operating Systems and Bluetooth Version 1.0 as of 2021-04-15 |
Operating system: macOS 13 Ventura Certification date: 04-12-2023 | Scheme ID: 11348 | Title: Apple FileVault 2 with macOS 13 Ventura Protection Profiles: PP-Configuration for General Purpose Operating Systems Version 4.2.1 |
Archived Common Criteria certifications for macOS
These previous macOS versions had Common Criteria validations. They are archived by NIAP according to the NIAP policy:
Operating system / Certification date | Scheme ID / Documents | Title / Protection Profiles |
---|---|---|
Operating system: macOS 10.15 Catalina Certification date: 29-04-2021 | Scheme ID: 11078 | Title: Apple FileVault 2 on T2 computers using macOS 10.15 Catalina Protection Profiles: Collaborative Protection Profile for Full Drive Encryption - Authorisation Acquisition Version 2.0 + Errata 20190201 Collaborative Protection Profile for Full Drive Encryption - Encryption Engine Version 2.0 + Errata 20190201 |
Operating system: macOS 10.15 Catalina Certification date: 23-09-2020 | Scheme ID: 11077 | Title: macOS 10.15 Catalina Protection Profiles: PP_OS_V4.21 |
For questions about Apple Security and Privacy Certifications, contact security-certifications@apple.com.