Re: [Fed-Talk] Mac OS X Common Criteria
Re: [Fed-Talk] Mac OS X Common Criteria
- Subject: Re: [Fed-Talk] Mac OS X Common Criteria
- From: "Dan O'Donnell" <email@hidden>
- Date: Tue, 01 Jul 2008 07:44:36 -0700
- Thread-topic: [Fed-Talk] Mac OS X Common Criteria
On 6/30/08 6:23 PM, "Todd Heberlein" <email@hidden> wrote:
>
> On Monday, June 30, 2008, at 07:56AM, "Nicholas Nam" <email@hidden>
> wrote:
>> I've been asking around the BSI and NIST contacts, but have yet to
>> receive an answer. What specific version of OS X being evaluated for
>> Common Criteria?
>
> I believe 10.3 was certified. 10.4 was not. And 10.5 is in the process of
> being certified.
>
> The audit system in 10.4 was partially broken (especially for monitoring
> remote connections), and the audit system for 10.5 is, at this point,
> basically non-functional. I am not sure what level of evaluation Apple is
> shooting for for certification, but if it includes auditing, I hope they get
> auditing fixed before that part is evaluated.
10.3.6 (only) was certified for Common Criteria, and that was the first
version of OSX that supported (BSM) auditing. No versions of OSX after that
were submitted for certification so nothing else is actually certified, but
the subsequent versions of the OS are compliant with the Common Criteria
certification guidelines and setup of 10.3.6.
However, the OS has diverged quite a bit since 10.3.6*, so to say that 10.5
is compliant may be stretching the assertion a bit.** I assume that's why
Apple has submitted some version of 10.5.x for recertification. (Which
suggests that auditing will be working again at some point.)
I expect that most inspectors will accept versions other than 10.3.6 as long
as they are configured as close to the Common Criteria Guide specifications
as one can get. But as always, YMMV. And note that the auditing flags
specified by your facility or inspector are probably different than what is
configured by Apple in the original installer, so you probably need to reset
those.
* For example, removal of Classic changed in 10.4; and is now completely
gone in 10.5. (The removal of Classic is outlined in the Common Criteria
Admin Guide, Chapter 3.)
** Especially since auditing isn't working, and that's a critical part of
the process.
__________________________________________________________________________
This email message is for the sole use of the intended recipient(s) and
may contain confidential information. Any unauthorized review, use,
disclosure or distribution is prohibited. If you are not the intended
recipient, please contact the sender by reply email and destroy all copies
of the original message.
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden