Apple is proud to announce:
Common Criteria Certification for Mac OS X 10.6 & Mac OS X Server 10.6
I just wanted to provide some initial key information here to help
begin to explain to everyone what this means and how it might impact
your environment.
Things I want to cover in this message (since this will be a long
message):
* Common Criteria Certification (CAPP/EAL3)
* Auditing on Mac OS X (Classified Networks / NISPOM-Ch.8)
* Related Resources (Where to go to get more info)
Common Criteria Certification (CAPP/EAL3+)
Protection Profile: CAPP - Controlled Access Protection Profile
Assurance Level: EAL3+ - Evaluated Assurance Level 3 (augmented for flaw remediation)
Product Name(s): Mac OS X 10.6
Mac OS X Server 10.6 with Common Criteria Tools Package
Evaluation Lab: atsec information security GmbH [ http://www.atsec.com/ ]
Certifying Body: BSI (Bundesamt für Sicherheit in der Informationstechnik)
Certification ID: BSI-DSZ-CC-0536
Brief background on Common Criteria
Common Criteria, an internationally approved set of
security standards, provides a clear and reliable evaluation of the
security capabilities of Information Technology products. By providing
an independent assessment of a product's ability to meet security
standards, Common Criteria gives customers more confidence in the
security of Information Technology products and leads to more informed
decisions. Security-conscious customers, such as the U.S. Federal
Government, are requiring Common Criteria certification as a
determining factor in purchasing decisions. Since the requirements for
certification are clearly established, vendors can target very specific
security needs while providing broad product offerings.
US Federal Government Requirements
US Federal Agencies have long needed independent evaluations of the
applications and operating systems they use, to ensure that the products
follow good security best practices and, most of all, that the vendor's
claims for these security services have been validated.
Products are evaluated and, if appropriate, given a certification
stating that the vendor's claims have been validated by a Certified
Lab. In the case of Mac OS X 10.6 / Mac OS X Server 10.6, atsec was the Certifying Lab.
atsec Announces Common Criteria Certification for Apple Mac OS X 10.6 Snow Leopard
http://www.atsec.com/us/news-atsec-apple-mac-os10-6-common-criteria-evaluation-snow-leopard-184.html
The evaluation technical report and the certificate "will be" available
from the BSI web site and also on the Common Criteria portal:
https://www.bsi.bund.de
http://www.commoncriteriaportal.org
-----------------------------------------------------------------------------------------------------------
Auditing on Mac OS X (Classified Networks / NISPOM-Ch.8)
As part of the work done for this Common Criteria certification, Apple
continues delivering the required 'Security Auditing'
capabilities. These auditing services provide for the capturing,
reviewing, filtering and validating of relevant security events that have
taken place on the associated system. One of the most notable
requirements for Auditing is for those wanting and needing to place
systems on Classified Networks (i.e. SIPRNET).
Review the "Common Criteria Configuration and Administration
Guide" (posted at the link below) for a full understanding of how
to properly manage the audit subsystem according to your organizational
needs.
-----------------------------------------------------------------------------------------------------------
Related Resources
The following are references
to the content specifically posted in support of the Common Criteria
Certification. Those individuals looking for and needing the Auditing
information only can refer directly to the Common Criteria
Administration Guide.
Common Criteria Tools & Admin Guide
- Common Criteria (Landing Page)
- Common Criteria Configuration & Administration Guide v2.1
- Common Criteria White Paper
-----------------------------------------------------------------------------------------------------------
This message by no means can provide the perfect amount of information
on CCC and Auditing for everyone on this list, but I hope it helps to
begin to enlighten folks on what is available and where to begin.
- Shawn
_____________________________________________________
Shawn Geddis - Security Consulting Engineer - Apple Enterprise