Re: [Fed-Talk] Apple FIPS (revalidation) now in Review Pending
- Subject: Re: [Fed-Talk] Apple FIPS (revalidation) now in Review Pending
- From: Shawn Geddis <email@hidden>
- Date: Wed, 04 Jan 2012 13:37:11 -0500
DJ,
Since FIPS 140-2 Conformance Validation is on the defined "cryptographic module" and there is different hardware in the A4 / A5 devices involved here, there are two separate modules in the process -- there are two different entries on the chart:
iPad FIPS Cryptographic Module
iPhone FIPS Cryptographic Module
You can track their status as noted by Peter and others on this list via the CMVP Modules In Process link:
http://csrc.nist.gov/groups/STM/cmvp/inprocess.html
...and viewing the posted PDF.
You can also track the Algorithm Validations via the CAVP website, but that is merely an initial stepping stone to the module validation and does not reflect any validation of the module.
Further details will be available when appropriate.
- Shawn
________________________________________
Shawn Geddis
Security Consulting Engineer
Apple Enterprise Division
On Jan 4, 2012, at 1:22 PM, Kachman, Donald R. Jr (DJ) - (ESE) wrote:
> Shawn,
>
> Do you have any insight you can share as to the progress of getting iOS devices FIPS certified?
>
> Best Regards,
>
> DJ Kachman
> CISSP CNSS/NSA
>
>
> -----Original Message-----
> From: fed-talk-bounces+donald.kachman=email@hidden [mailto:fed-talk-bounces+donald.kachman=email@hidden] On Behalf Of Shawn Geddis
> Sent: Wednesday, January 04, 2012 1:19 PM
> To: Link, Peter R.
> Cc: email@hidden Talk
> Subject: Re: [Fed-Talk] Apple FIPS (revalidation) now in Review Pending
>
> On Jan 4, 2012, at 11:08 AM, Link, Peter R. wrote:
>> http://csrc.nist.gov/groups/STM/cmvp/inprocess.html click on pdf link to see status of all submissions
>>
>> Finally, one of the three Apple cryptographic modules currently in process for FIPS 140-2 validation has reached the second step, Review Pending. The 10.7 update (Shawn will correct me if I'm wrong) has finished the Implementation Under Test stage and moved forward. The iPhone and iPad cryptographic modules are still in IUT and have been there for a long time.
>>
>> The regular Apple FIPS cryptographic module is simply a 10.7 update of the CDSA/CSP module previously approved for 10.6. This module does not include any of the new CommonCrypto code nor does it include anything related to FileVault-2. The revalidation for 10.7 will help those third-party vendors who still rely on CDSA technology. I'm not sure how it will help anyone justify the use of 10.7 on federal computers but at least the process is moving forward and is a step in the right direction.
>>
>> Peter Link
>
>
> Peter,
>
> It is not the "10.7 update", but rather the "re-validation of same CDSA/CSP cryptographic module" which was used by Mac OS X 10.6.
>
>> I'm not sure how it will help anyone justify the use of 10.7 on federal computers but at least the process is moving forward and is a step in the right direction.
>
> It reflects Apple's commitment to provide, where possible, FIPS Validated crypto for use by customers under this requirement. It is, unfortunately, not always feasible to have every version of every cryptographic module on every product validated. Due to the ongoing challenge between validation times/queues and product cycles, you will see more of a sine wave with respect to validations for various cryptographic modules.
>
> Since ALL third-party products using the built-in cryptography are still using Sec* APIs based on CDSA or directly coding to CDSA's CSSM architecture with the initial release of OS X Lion, this was very important for you. This provides a smooth transition as they update their applications to leverage the new Crypto architecture.
>
> You are correct that this particular validation does not cover any cryptographic module utilized by OS X Lion - such as for FileVault 2.
>
> Revalidation of a previously validated cryptographic module does not require nearly the same level of effort as the original one does. This is fully in the hands of the CMVP folks and awaiting formal validation. Time to completion is subject to current backlog.
>
> - Shawn
> ________________________________________
> Shawn Geddis
> Security Consulting Engineer
> Apple Enterprise Division