[Fed-Talk] Apple CC tools, pwpolicy, etc.
[Fed-Talk] Apple CC tools, pwpolicy, etc.
- Subject: [Fed-Talk] Apple CC tools, pwpolicy, etc.
- From: Ran Atkinson <email@hidden>
- Date: Sat, 18 Jun 2005 10:42:55 -0400
(Apologies for following up to myself.)
The Apple "Common Criteria Admin Guide" is available at:
http://images.apple.com/support/security/commoncriteria/
CC_AdminGuide.pdf
The TIGER (10.4.x) version of the Apple Common Criteria tools are at:
http://www.apple.com/support/downloads/
commoncriteriatoolsfor104.html
The PANTHER (10.3.6 and later) version of those tools are at:
http://www.apple.com/support/downloads/commoncriteriatools.html
The Apple formal evaluation report under Common Criteria is at:
http://images.apple.com/support/security/commoncriteria/CC_NIAP.pdf
I have found each to be very useful. The first is a very helpful guide
to securing one's MacOS X deployment. The tools provide improved audit
capability. The formal evaluation report helps one understand what it
means to be EAL3/CAPP in general, and specifically for MacOS X. In my
own view, not enough people even skim the formal evaluation report,
which is a pity.[1]
To the original thread, which was on pwpolicy(8), the supported
functions
of pwpolicy(8) are those documented in the "Common Criteria Admin Guide"
at the top URL.
Cheers,
Ran
[1] A different firm, *not* Apple, has an OS product that appears to
have
a high assurance evaluation until one reads their formal evaluation
report
and discovers that the rating is only valid if the computer has no
network
interfaces, no serial communications (i.e. telephone modem) interfaces,
and is completely stand-alone. Basically, that firm's product is
evaluated
as secure only if it is unplugged from everything but power. By
contrast,
the Apple evaluation includes TCP/IP, DNS, and some other network
stuff within
the evaluated configuration/target.
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden