Apple security assurance
Apple pursues a comprehensive approach with security certifications to provide customers with the appropriate assurance for all Apple platforms. However, not all technical areas have globally accepted, comprehensive security certification standards. For several certifications that are well defined and globally accepted, Apple pursues and achieves annual certifications in alignment with each major OS release. For coverage in underrepresented areas, Apple has actively engaged in the development of emerging security standards. The mission is to drive globally accepted, comprehensive security certification coverage across Apple hardware, software, and services.
Hardware and software certifications and validations
With comprehensive development and management of the whole platform from silicon through the operating system, services and apps, Apple starts with certification building blocks that apply broadly across multiple platforms where appropriate. One such building block is the validation of corecrypto, which is used for all software and hardware cryptographic module deployments within Apple-developed operating systems. A second such building block is the certification of the Secure Enclave Processor, which is now embedded in many Apple devices. A third is the certification of the Secure Element found in all iPhones and Mac computers with Touch ID. These hardware certification building blocks form a foundation for broader platform security certifications.
Cryptographic Module Validations FIPS 140-2/3 (ISO/IEC 19790)
The cryptographic modules in Apple operating systems have been repeatedly validated by the Cryptographic Module Validation Program (CMVP) as being conformant with U.S. Federal Information Processing Standards (FIPS) 140-2 following each major release of the operating systems since 2012. After each major release, Apple submits all modules to the CMVP for full cryptographic validation. These validated modules provide cryptographic operations for Apple-provided services and are available for third-party apps to use.
Apple achieves Security Level 1 each year for the software-based modules: “CoreCrypto Module on Intel” and “CoreCrypto Kernel Module on Intel” for macOS, and “CoreCrypto Module on ARM” and “CoreCrypto Kernel Module on ARM” for iOS, iPadOS, tvOS, watchOS, and the firmware on the embedded Apple T2 Security Chip in a Mac.
In 2019, Apple achieved FIPS Security Level 2 for the embedded hardware module identified as “Apple Secure Enclave Processor (SEP) Secure Key Store (SKS) Cryptographic Module”, enabling government-approved use of SEP-generated and SEP-managed keys. Apple will continue to pursue higher levels for the hardware module with each successive major OS release as appropriate.
FIPS 140-3 was approved by the U.S. Department of Commerce in 2019. The most notable change in this version of the standard is the use of ISO/IEC standards: ISO/IEC 19790:2015 and the associated testing standard ISO/IEC 24759:2017. The CMVP has initiated a transition program and has indicated that starting in 2020, cryptographic modules will begin to be validated using FIPS 140-3 as a basis. Apple cryptographic modules will aim to meet and transition to the FIPS 140-3 standard as soon as practicable.
For cryptographic modules currently in the testing and validation processes, the CMVP maintains two separate lists that may contain information about proposed validations. For cryptographic modules under testing with an accredited laboratory, the Implementation Under Test List may list the module. Once submitted by the laboratory for validation by the CMVP, the cryptographic module may appear in the Modules in Process List. Look to these two process lists first when enquiring about a module's validation status soon after a major OS release.
Product Certifications (Common Criteria ISO/IEC 15408)
Common Criteria (ISO/IEC 15408) is a standard that is used by many organizations as a basis for performing security evaluations of IT products.
For certifications that may be mutually recognized under the international Common Criteria Recognition Arrangement (CCRA), see the Common Criteria Portal. The Common Criteria standard may also be used outside the CCRA by national and private validation schemes.
The goal, as stated by the Common Criteria community, is for an internationally approved set of security standards to provide a clear and reliable evaluation of the security capabilities of Information Technology products. By providing an independent assessment of a product’s ability to meet security standards, Common Criteria Certification gives customers more confidence in the security of Information Technology products and leads to more informed decisions.
Through the Common Criteria Recognition Arrangement (CCRA), member countries and regions have agreed to recognize the certification of Information Technology products with the same level of confidence. Membership along with the depth and breadth of Protection Profiles (PPs) continues to grow on a yearly basis to address emerging technology. This agreement permits a product developer to pursue a single certification under any one of the Authorizing Schemes.
Previous PPs have been archived and are being replaced with the development of targeted Protection Profiles focusing on specific solutions and environments. In a concerted effort to ensure continued mutual recognition across all CCRA members, the International Technical Community (iTC) continues to drive all future PP development and updates towards Collaborative Protection Profiles (cPP) which are developed from the start with involvement from multiple schemes.
The document expressing the security requirements evaluated for an IT product is called a “Security Target” (ST). To gain the stated assurance, the device must be configured as described in the guidance document associated with the evaluation.
The assurance obtained by using the Common Criteria standards is expressed using security assurance requirements that can be specified in a Protection Profile (PP) or an ST. Evaluation Assurance Levels (EAL) group together commonly used sets of security assurance requirements and may be specified in PPs and STs to support comparability.
Apple began pursuing certifications under this new Common Criteria restructure with selected PPs starting in early 2015. Since 2015, Apple has achieved Common Criteria (ISO/IEC 15408) certifications for each major iOS release and has expanded coverage to include assurance provided by new Protection Profiles (PPs). These include the following:
iOS and iPadOS on mobile devices (iPhone and iPad)
Mobile Device Certification
Mobile Device Fundamental Protection Profile (Platform Certification)
PP-Module for MDM Agent (MDM Management of the Platform)
Functional Package for TLS (All TLS communication from and to the Platform)
PP-Module for VPN Client (Always-on VPN using IKEv2 for IPSEC)
Extended Package for Wireless LAN Clients (Authenticated and Encrypted Wireless Access)
Application Software (Contacts)
Extended Package for Web Browsers (Safari browser)
Apple has taken an active role within the technical communities focused on evaluating mobile security technologies. These include the international Technical Communities (iTC) responsible for developing and updating collaborative Protection Profiles (cPPs). Apple continues to evaluate and pursue certifications against PPs and cPPs available today and under development.
Apple platform certifications for the North America market are generally performed with the National Information Assurance Partnership (NIAP), which maintains a list of projects currently in evaluation but not yet certified. In addition to the general platform certificates listed, other CC certificates have been issued in order to demonstrate specific security requirements for some markets.
Apple Inc. maintains certifications in compliance with standards such as ISO/IEC 27001 and 27018 to enable Apple customers to address their regulatory and contractual obligations. These certifications provide our customers with an independent attestation over Apple Information Security and Privacy practices for in-scope systems.