Re: [Fed-Talk] [FIPS 140-2] Mac OS X - Implementation Under Test (IUT)
- Subject: Re: [Fed-Talk] [FIPS 140-2] Mac OS X - Implementation Under Test (IUT)
- From: "Timothy J. Miller" <email@hidden>
- Date: Mon, 10 Sep 2007 09:40:32 -0700
It's very unusual for an implementation to enter the FIPS (or CC)
process and exit without passing. This is because you pays your
money up front, so bailing out in the middle is a bad ROI. :)
Given the FIPS lab backlogs I'm just happy they finally moved to IUT.
-- Tim
On Sep 10, 2007, at 9:31 AM, email@hidden wrote:
Thanks, excellent news! (but)
Honestly, without knowing what has been done thus far, it is
difficult to interpret what your memo means. An interpretation
could be either:
1) Apple just entered/started the FIPS 140-2 certification process
2) Apple's algorithms and design of the code have been vetted and
pre-validated. Now it must be verified that the code execution
matches the documentation.
Obviously #2 gives us some potential leverage to say "home stretch"
and get things rolling again.
Very Respectfully,
Wm. Cerniuk
Project Manager / Sr. Systems Architect
Veterans Affairs
877.529.5730 (toll free)
Time is Short, and the Water Rises
On Sep 10, 2007, at 4:57 AM, Shawn A. Geddis wrote:
It's Official -- Mac OS X is now in "Pre-Validation" for FIPS
140-2 Level 1 (Software) Conformance Validation
Everyone has been eager to know the status of FIPS 140-2
Conformance Validation for Apple's Mac OS X and we are happy to
*finally* announce that as of Friday September 7, 2007 the Apple
Cryptographic Service Provider (CSP) Module is officially now in
"Pre-Validation".
Listed on NIST (CMVP) Pre-Validation List
You will now find the Apple "Cryptographic Service Provider
(CSP)" on line 5 of page 2 on the Pre-Validation List (PDF)
posted on the NIST CMVP website. To view that list now or
reference it in the future, use the following link to download the
PDF document:
http://csrc.nist.gov/cryptval/140-1/140PreVal.pdf
What will be covered by this validation
A Cryptography Architecture is built into Mac OS X and is the
foundation for services critical to the protection and privacy of
data. The key Apple Cryptographic Services which will be covered
by this validation are:
FileVault (Encrypted Container - User's Home Directory)
Encrypted Disk Images (Encrypted Container - Stored on any
accessible media)
Keychains (Credential Storage)
The FIPS 140-2 Conformance Validation Process
For those who are not familiar with the process and requirements,
they can be found on the NIST website at:
http://csrc.nist.gov/cryptval/140-1/preval.htm
1. Implementation Under Test (IUT)
2. Validation Review Pending
3. Validation Review
4. Validation Coordination
5. Validation Finalization
When it will be done
Many have asked when Mac OS X's cryptographic algorithms and
cryptography conformance validation against FIPS 140-2 Level 1
will be complete. Apple is unable to provide you with a more
specific timeframe than the first half of 2008 due to the
extensiveness of the process. Apple will make every effort to
post status updates on the Federal website
[ http://www.apple.com/itpro/federal/ ] as well as occasional updates
posted to the Fed-Talk Mailing list
[ http://lists.apple.com/mailman/listinfo/fed-talk ].
Meeting OMB Recommendations (M-06-16)
To assist Federal Agency IT Staff in understanding how Apple's Mac
OS X Operating System can help them meet OMB guidelines, the Apple
Enterprise Team had developed and presented the "Meeting OMB
Encryption Guidelines with Mac OS X Today" briefing to a large
Federal IT Staff on August 17, 2006. Many additional Federal
Staff had indicated that they were unable to attend the all day
briefing and technical discussion due to scheduling conflicts, but
said they were extremely interested in getting access to the
presentation.
"Meeting OMB Encryption Guidelines"
http://idisk.mac.com/geddis-Public/security/Meeting_OMB_Encryption_Guidelines.pdf
Background on FileVault
FileVault™ provides full 128-bit AES encryption of the User's Home
Directory where the user has full, direct access to read and write
their data. The underlying Encrypted Disk Image architecture also
provides services to create, manage and store the encrypted
containers on any accessible storage media. This storage includes
external volumes such as thumb drives, CDs/DVDs, USB/FireWire HDs
and even network accessible volumes.
Background on Apple's Cryptographic Architecture
The Cryptography and PKI Services within Mac OS X and Mac OS X
Server are provided through the CDSA - Common Data Security
Architecture. The CDSA architecture is the core part of Apple's
Security framework which is available from The Open Group and
available as open source for review, use and modification.
Open Group - CDSA: http://www.opengroup.org/security/l2-cdsa.htm
Apple source can be found at: http://developer.apple.com/opensource/security/
If you have any additional questions at this time regarding the
FIPS 140-2 Level 1 Conformance Validation of Mac OS X, please
contact me directly via email at: email@hidden
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden
Attachment:
smime.p7s
Description: S/MIME cryptographic signature