Re: [Fed-Talk] [Announce] Common Criteria Certification - Mac OS X 10.6 & Mac OS X Server 10.6
- Subject: Re: [Fed-Talk] [Announce] Common Criteria Certification - Mac OS X 10.6 & Mac OS X Server 10.6
- From: James Alcasid <email@hidden>
- Date: Thu, 21 Jan 2010 16:55:24 -0500
Thanks Shawn!
--
James Alcasíd | VeriSolv Technologies
Department of Veterans Affairs | Enterprise Infrastructure Engineering
470 L’Enfant Plaza Suite 3100, Washington DC 20024
Office (202) 245-4573
email@hidden
From: "Shawn A. Geddis" <email@hidden>
Date: Thu, 21 Jan 2010 16:45:59 -0500
To: Fed Talk <email@hidden>
Subject: [Fed-Talk] [Announce] Common Criteria Certification - Mac OS X 10.6 & Mac OS X Server 10.6
Apple is proud to announce:
Common Criteria Certification for Mac OS X 10.6 & Mac OS X Server 10.6
I just wanted to provide some initial key information here to help begin to explain to everyone what this means and how it might impact your environment.
Things I want to cover in this message (since this will be a long message):
* Common Criteria Certification (CAPP/EAL3)
* Auditing on Mac OS X (Classified Networks / NISPOM-Ch.8)
* Related Resources (Where to go to get more info)
Common Criteria Certification (CAPP/EAL3+)
Protection Profile: CAPP - Controlled Access Protection Profile
Assurance Level: EAL3+ - Evaluated Assurance Level 3 (augmented for flaw remediation)
Product Name(s): Mac OS X 10.6
    Mac OS X Server 10.6 with Common Criteria Tools Package
Evaluation Lab: atsec information security GmbH [ http://www.atsec.com/ ]
Certifying Body: BSI (Bundesamt für Sicherheit in der Informationstechnik) [ https://www.bsi.bund.de/cln_155/EN/Home/home_node.html ]
Certification ID: BSI-DSZ-CC-0536
Brief background on Common Criteria
Common Criteria, an internationally approved set of security standards, provides a clear and reliable evaluation of the security capabilities of Information Technology products. By providing an independent assessment of a product's ability to meet security standards, Common Criteria gives customers more confidence in the security of Information Technology products and leads to more informed decisions. Security-conscious customers, such as the U.S. Federal Government, are requiring Common Criteria certification as a determining factor in purchasing decisions. Since the requirements for certification are clearly established, vendors can target very specific security needs while providing broad product offerings.
US Federal Government Requirements
US Federal Agencies have long needed independent evaluations of the applications and operating systems they use to ensure the products are following good security best practices, but most of all that the vendor's claims for these security services have been validated.
Common Criteria certification is recognized internationally by the countries involved in the arrangement on the Mutual Recognition of Common Criteria Certificates in the Field of IT Security [ http://www.commoncriteriaportal.org/members.html ]. The complete information covering the Mutual Recognition arrangement can be found on the Common Criteria Portal [ http://www.commoncriteriaportal.org/theccra.html ].
Products are evaluated and, if appropriate, given a certification stating that the vendor's claims have been validated by a Certified Lab. In the case of Mac OS X 10.6 / Mac OS X Server 10.6, atsec was the Certifying Lab.
atsec Announces Common Criteria Certification for Apple Mac OS X 10.6 Snow Leopard
http://www.atsec.com/us/news-atsec-apple-mac-os10-6-common-criteria-evaluation-snow-leopard-184.html
The evaluation technical report and the certificate "will be" available from the BSI web site and also on the Common Criteria portal:
https://www.bsi.bund.de
http://www.commoncriteriaportal.org
-----------------------------------------------------------------------------------------------------------
Auditing on Mac OS X (Classified Networks / NISPOM-Ch.8)
As part of the work done for this Common Criteria certification, Apple continues delivering the required 'Security Auditing' capabilities. These auditing services provide the capturing, reviewing, filtering and validating of relevant security events that have taken place on the associated system. One of the most notable requirements for Auditing is for those wanting and needing to place systems on Classified Networks (i.e. SIPRNET).
Review the "Common Criteria Configuration and Administration Guide" (posted at the link below) for a full understanding of how to properly manage the audit subsystem according to your organizational needs.
-----------------------------------------------------------------------------------------------------------
Related Resources
The following are references to the content specifically posted in support of the Common Criteria Certification. Those individuals looking for and needing the Auditing information only can refer directly to the Common Criteria Administration Guide.
Common Criteria Tools & Admin Guide
- Common Criteria (Landing Page)
- Common Criteria Configuration & Administration Guide v2.1
- Common Criteria White Paper
-----------------------------------------------------------------------------------------------------------
This message by no means can provide the perfect amount of information on CCC and Auditing for everyone on this list, but I hope it helps to begin to enlighten folks on what is available and where to begin.
- Shawn
_____________________________________________________
Shawn Geddis - Security Consulting Engineer - Apple Enterprise
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden