OS X product security: Certifications and validations
Volatility Statements
Government organizations and their supporting contractors who are required to provide a Volatility Statement from the product manufacturer can obtain one by sending an email request to AppleFederal@apple.com and providing the Requesting Government Agency, Apple Product Name, Product Serial Number, and Government Technical Contact for the request.
Common Criteria Certification
Common Criteria, an internationally approved set of security standards, provides a clear and reliable evaluation of the security capabilities of Information Technology products. By providing an independent assessment of a product's ability to meet security standards, Common Criteria Certification gives customers more confidence in the security of Information Technology products and leads to more informed decisions.
Through a Common Criteria Recognition Arrangement (CCRA), twenty-six member countries have agreed to recognize the certification of Information Technology products with the same level of confidence.
| | OS X Mountain Lion v10.8 | OS X Lion v10.7 |
|---|---|---|
| Configuration & Administration Guide | | |
| About Common Criteria Audit Tools | 1 | 1 |
| Audit Tools Download | 1 | 1 |
| Whitepaper | 2 | 2 |
| Test Cases | 2 | 2 |
| Security Target | 2 | 2 |
| Validation Report | 2 | 2 |
| Validation Certificate | 2 | 2 |
| Conformance Claims | 2 | 2 |
1. Command line interface (CLI) Security Audit Tools are built in to Mac OS X v10.6 and later. See the Admin Guide.
2. This Mac OS X version was not submitted for Common Criteria Certification.
FIPS 140 Conformance Validation
The National Institute of Standards and Technology (NIST) established the Cryptographic Module Validation Program (CMVP) that validates cryptographic modules to Federal Information Processing Standards (FIPS) 140-2 and other cryptography-based standards. The CMVP is a joint effort between NIST and the Communications Security Establishment of the Government of Canada (CSEC).
FIPS 140-2 refers specifically to the security requirements for cryptographic modules. The standard provides four increasing, qualitative levels of security: Level 1, Level 2, Level 3, and Level 4. These levels are intended to cover the wide range of potential applications and environments in which cryptographic modules may be employed. A complete description of each level is given in the FIPS 140-2 publication on the NIST website (FIPS PUB 140-2).
Cryptographic Modules validated as conforming to FIPS 140-2 are accepted by the Federal Agencies of both countries for the protection of sensitive information.
The CMVP web portal contains complete details on the program, all the related standards and documents, as well as the official lists of FIPS 140-1 and FIPS 140-2 validated cryptographic modules.
Cryptographic Module Validations
All Apple FIPS 140-2 Conformance Validation Certificates can be found on the CMVP Vendor page http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/1401vend.htm.
OS X Mountain Lion v10.8
- Certificate #1964 – Apple OS X CoreCrypto Module v3.0
- Security Policy – http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140sp/140sp1964.pdf
- Certificate #1956 – Apple OS X CoreCrypto Kernel Module v3.0
- Security Policy – http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140sp/140sp1956.pdf
Related articles:
- Mountain Lion: Apple OS X FIPS Cryptographic Modules 3.0
- Mountain Lion: How to set up and maintain a FIPS-enabled system
- Crypto Officer Role Guide for 10.8
OS X Lion v10.7
- Certificate #1701 – Apple FIPS Cryptographic Module v1.1
- Security Policy – http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140sp/140sp1701.pdf
Related articles:
- Apple FIPS Cryptographic Modules 1.1
- How to set up and maintain a FIPS-enabled OS X Lion system
- FIPS Administration Tools Crypto Officer Role Guide v1.2
Mac OS X Snow Leopard v10.6
- Certificate #1514 – Apple FIPS Cryptographic Module v1.0
- Security Policy – http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140sp/140sp1514.pdf
Related articles: