Fed-Talk Community,
WIth today's release of OS X Mountain Lion, Apple provides the immediate ability to run your updated system in "FIPS Mode" without delaying until final FIPS 140-2 Conformance Validation of the cryptographic modules. OS X Mountain Lion was designed from the ground up to always run in "FIPS Mode" without the need for any installation or configuration. However, at this time there is a need to update OS X Mountain Lion's built-in tool, cc_fips_test, in v10.8.0.
The following Knowledge Base Articles provide a brief description and downloadable installer to update the cc_fips_test file and maintain a FIPS-enabled OS X Mountain Lion system.
Apple FIPS Cryptographic Module v3.0
Mountain Lion: How to set up and maintain a FIPS-enabled system
Status of FIPS 140-2 Validation
With the release of OS X Mountain Lion, the new CoreCrypto Modules have been submitted for FIPS 140-2 Level 1 Conformance Validation. A followup announcement will be posted when the validations are complete and Apple has received the corresponding certificates from CMVP.
Validation of the Cryptographic Algorithms under the CAVP is a prerequisite for CMVP module validation which was achieved by Apple on June 25, 2012 and June 29, 2012. All validated algorithms receiving certificates under the CAVP can be found at the links provided below. Multiple entries for each algorithm are listed and correspond to multiple platforms undergoing FIPS 140-2 validation. There are also variations on Software Non-Optimized, Software Optimized and Hardware Accelerated. Please see the Description/Notes section for each certificate for clarification of platform specific information.
Operational Environments
Apple OSX CoreCrypto Module v3.0 (platform: i5 w/ OSX Mountain Lion - User Space)
Apple OSX CoreCrypto Module v3.0 (platform: i7 w/ OSX Mountain Lion - User Space)
Apple OSX CoreCrypto Kernel Module v3.0 (platform: i5 w/ OSX Mountain Lion - Kernel Space)
Apple OSX CoreCrypto Kernel Module v3.0 (platform: i7 w/ OSX Mountain Lion - Kernel Space)
CAVP Validated Aglorithms
______________________________________________________________________
______________________________________________________________________
______________________________________________________________________
______________________________________________________________________
______________________________________________________________________
______________________________________________________________________
SHS http://csrc.nist.gov/groups/STM/cavp/documents/shs/shaval.htm#1828______________________________________________________________________
FIPS Related Knowledge Base Articles
OS X Mountain Lion - 10.8
Apple FIPS Cryptographic Module v3.0
Mountain Lion: How to set up and maintain a FIPS-enabled system
OS X Lion - 10.7
Apple FIPS Cryptographic Module v1.1
How to set up and maintain a FIPS-enabled OS X Lion system
FIPS Administration Tools Crypto Officer Role Guide
OS X Snow Leopard - 10.6
Apple FIPS Cryptographic Module v1.0
How to set up and maintain a FIPS-enabled Mac OS X v10.6 Snow Leopard system
FIPS Administration Tools Crypto Officer Role Guide
FIPS 140-2 certification in progress
Encryption in Mountain Lion is in the process of being certified for FIPS 140-2, the government security standard.
I hope this has helped provide you needed information and updated information will be posted when available.
- Shawn
________________________________________
Shawn Geddis
Security Consulting Engineer
Apple Enterprise Division
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden