Re: [Fed-Talk] Mac OS X Common Criteria
Re: [Fed-Talk] Mac OS X Common Criteria
- Subject: Re: [Fed-Talk] Mac OS X Common Criteria
- From: Nicholas Nam <email@hidden>
- Date: Wed, 2 Jul 2008 11:06:26 -0400
Shawn, Dave,
Can you guys give your 2c? There's a lot of speculation and
assumption. Those of us dealing with especially strict certification
agents and approval authorities need a definite answer.
Thanks,
Nick
On Jul 1, 2008, at 10:44 AM, Dan O'Donnell wrote:
On 6/30/08 6:23 PM, "Todd Heberlein" <email@hidden> wrote:
On Monday, June 30, 2008, at 07:56AM, "Nicholas Nam" <email@hidden
>
wrote:
I've been asking around the BSI and NIST contacts, but have yet to
receive an answer. What specific version of OS X being evaluated
for
Common Criteria?
I believe 10.3 was certified. 10.4 was not. And 10.5 is in the
process of
being certified.
The audit system in 10.4 was partially broken (especially for
monitoring
remote connections), and the audit system for 10.5 is, at this point,
basically non-functional. I am not sure what level of evaluation
Apple is
shooting for for certification, but if it includes auditing, I hope
they get
auditing fixed before that part is evaluated.
10.3.6 (only) was certified for Common Criteria, and that was the
first
version of OSX that supported (BSM) auditing. No versions of OSX
after that
were submitted for certification so nothing else is actually
certified, but
the subsequent versions of the OS are compliant with the Common
Criteria
certification guidelines and setup of 10.3.6.
However, the OS has diverged quite a bit since 10.3.6*, so to say
that 10.5
is compliant may be stretching the assertion a bit.** I assume
that's why
Apple has submitted some version of 10.5.x for recertification. (Which
suggests that auditing will be working again at some point.)
I expect that most inspectors will accept versions other than 10.3.6
as long
as they are configured as close to the Common Criteria Guide
specifications
as one can get. But as always, YMMV. And note that the auditing flags
specified by your facility or inspector are probably different than
what is
configured by Apple in the original installer, so you probably need
to reset
those.
* For example, removal of Classic changed in 10.4; and is now
completely
gone in 10.5. (The removal of Classic is outlined in the Common
Criteria
Admin Guide, Chapter 3.)
** Especially since auditing isn't working, and that's a critical
part of
the process.
__________________________________________________________________________
This email message is for the sole use of the intended recipient(s)
and
may contain confidential information. Any unauthorized review, use,
disclosure or distribution is prohibited. If you are not the intended
recipient, please contact the sender by reply email and destroy all
copies
of the original message.
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden