Product security certifications, validations, and guidance for iOS

This article contains references for key product certifications, cryptographic validations, and security guidance for iOS platforms. If you have any questions regarding any content referenced here, please send an email message with your inquiry and full contact information to security-certifications@apple.com.

Cryptographic module validations

All Apple FIPS 140-2 Conformance Validation Certificates can be found on the CMVP vendor page.

iOS 8

iOS 7

iOS 6

Security configuration guides

Security-focused organizations provide well-defined and vetted guidance for how to configure various platforms for accepted use. Security Configuration Guides provide an overview of features in OS X and iOS that you can use to enhance protection; this is known as "hardening your device." Governments worldwide have collaborated with Apple to develop guides that give instructions and recommendations for maintaining a more secure environment.

To use these guides, you should be an experienced user or system administrator, be familiar with the user interface, and have some working knowledge of management tools for the target platform. It's beneficial to be familiar with basic networking concepts. Certain instructions in the guides are complex, and deviation could result in adverse effects or reduced protection. Thoroughly test any changes made to your device's settings before deployment.

iOS 8


Apple
iOS security (PDF)
SCAP-on-Apple


AU (DSD)
iOS Hardening Guidance
iOS Hardening Guide (PDF)
iOS Hardening Guide (iBook)


DE (BSI)
Recommendation


NZ (GCSB)
iOS Hardening Guidance
iOS Hardening Guide (PDF)
iOS Hardening Guide (iBook)


UK (GCHQ)
Devices Security (HTML)
Devices Security (PDF)


US (DISA, NIST, NSA)
Apple iOS 8 ISCG
SCAP-on-Apple

iOS 7


Apple
iOS security (PDF)
SCAP-on-Apple


AU (DSD)
Advice on iOS 7 (PDF)
Hardening guide (PDF)


DE (BSI)
Recommendation


NZ (GCSB)
Advice on iOS 7 (PDF)
Hardening guide


UK (GCHQ)
Device security
App development


US (DISA, NIST, NSA)
Apple iOS 7 STIG
SCAP-on-Apple

iOS 6


Apple
iOS security (PDF)
SCAP-on-Apple


AU (DSD)
Hardening guide (PDF)


DE (BSI)
Recommendation


NZ (GCSB)
Hardening guide (PDF)


UK (GCHQ)
Device guidance
App development


US (DISA, NIST, NSA)
Apple iOS 6 STIG
SCAP-on-Apple

Common Criteria Certification

The goal, as stated by the Common Criteria community, is for an internationally approved set of security standards to provide a clear and reliable evaluation of the security capabilities of Information Technology products. By providing an independent assessment of a product's ability to meet security standards, Common Criteria Certification gives customers more confidence in the security of Information Technology products and leads to more informed decisions.

Through a Common Criteria Recognition Arrangement (CCRA), twenty-six member countries have agreed to recognize the certification of Information Technology products with the same level of confidence. Membership along with the depth and breadth of Protection Profiles continues to grow on a yearly basis to address emerging technology. This agreement permits a product developer to pursue a single certification under any one of the Authorizing Schemes.

Those unfamiliar with the relatively recent restructuring of the certification approach under the new Common Criteria should note that there is no longer any reference to Evaluation Assurance Levels (EAL#). Previous Protection Profiles (PPs) were archived and are being replaced by targeted Protection Profiles that focus on specific solutions and environments. In a concerted effort to ensure continued mutual recognition across all CCRA members, the International Technical Community (iTC) continues to drive all future PP development and updates towards Collaborative Protection Profiles (cPPs), which are developed from the start with involvement from multiple schemes.

Apple began pursuing certifications under this new Common Criteria restructure with selected PPs starting in early 2015. Apple’s publicly identified, active, and completed certifications are listed below. 

MDF PP v2.0
iOS 8
VID: 10614 (In-Eval) [1]
Technology type: Mobility
Completion date: ETA: Q3CY15

VPN IPSec Client PP v1.4
VPN (IKEv2) Always On VPN
VID: (In-Process) [2]
Technology type: Virtual Private Network
Completion date: ETA: Q4CY15

[1] “Product In Evaluation” with NIAP (National Information Assurance Partnership)
[2] “Product In Process” with CCTL (Common Criteria Testing Laboratory)

Major version updates to Protection Profiles published by the Common Criteria community are generally expected to follow a 12-18 month cadence, with additional or updated Security Functional Requirements (SFRs). On the Common Criteria Portal, you can find a complete list of Protection Profiles (PPs) and Collaborative Protection Profiles (cPPs), along with their validity dates. You can also locate them under your scheme of choice, such as the National Information Assurance Partnership (NIAP), the US scheme, which lists Approved PPs, PPs in Development, and archived PPs.

Commercial Solutions for Classified (CSfC)

The goal, as stated by the Commercial Solutions for Classified program, is as follows:

U.S. Government customers increasingly require immediate use of the market's most modern commercial hardware and software technologies within National Security Systems (NSS) in order to achieve mission objectives. Consequently, the National Security Agency/Central Security Service's (NSA/CSS) Information Assurance Directorate (IAD) is developing new ways to leverage emerging technologies to deliver more timely IA solutions for rapidly evolving customer requirements.

NSA/CSS's Commercial Solutions for Classified (CSfC) Program has been established to enable commercial products to be used in layered solutions protecting classified NSS data. This will provide the ability to securely communicate based on commercial standards in a solution that can be fielded in months, not years.

An ever-increasing number of classified environments have wanted to deploy Apple solutions but have been held back for product certification reasons. Apple’s pursuit of Common Criteria Certifications against the Protection Profiles noted above has enabled Apple products to be listed and available on the CSfC Components List. Once additional Common Criteria Certifications of Apple products have begun against each of the related Protection Profiles, the corresponding Apple components will be submitted for acceptance on the CSfC Components List and added to the table below.

Mobile Platform
iOS 8
Pre-qualification PP: MDFPP 2.0 [PP_MD_v2.0]
VID: 10614 (In-Eval) [1]
Completion date: ETA: Q3CY15

IPSec VPN Client
VPN (IKEv2 Always-On-VPN ONLY)
Pre-qualification PP: VPN IPSec Client PP v1.4 [PP_VPN_IPSEC_CLIENT_v1.4]
VID: (In-Process) [2]
Completion date: ETA: Q4CY15

[1] “Product In Evaluation” with NIAP (National Information Assurance Partnership)
[2] “Product In Process” with CCTL (Common Criteria Testing Laboratory)

An increasing number of classified environments in countries other than the United States have also come forward and requested that Apple products be submitted to their programs similar to CSfC. If you're an authorized agent of your government's solutions program similar to NSA’s CSfC and are interested in getting Apple products on your equivalent Components List, please contact us at security-certifications@apple.com.

Information about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. Risks are inherent in the use of the Internet. Contact the vendor for additional information. Other company and product names may be trademarks of their respective owners.
