Here was the latest I have from Apple (Shawn Geddis, included here) as of last week…
Here are the facts about iOS and FIPS 140-2 Conformance Validations:
- iOS 8 CoreCrypto/CoreCrypto Kernel Modules are in IUT
- iOS 7 CoreCrypto/CoreCrypto Kernel Modules have FIPS 140-2 Validation Certificates (see below)
- iOS 6 CoreCrypto/CoreCrypto Kernel Modules have FIPS 140-2 Validation Certificates (see below)
iOS product security: Validations and guidance
http://support.apple.com/kb/HT5808
This Knowledge Base Article provides all references to Global Security Validations and Guidance
iOS 7 - Apple CoreCrypto / CoreCrypto Kernel Modules received FIPS 140-2 Level 1 Conformance Validation
iOS 6 - Apple CoreCrypto / CoreCrypto Kernel Modules received FIPS 140-2 Level 1 Conformance Validation
All Apple FIPS 140-2 Conformance Validation Certificates can be found on the CMVP vendor page: http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/1401vend.htm
iOS 8 - FIPS 140-2 Conformance Validation
Apple’s FIPS 140-2 Validation process for the crypto modules (v5.0) used by iOS 8 has been underway for a few months now. Due to references to platforms and processors that were only just announced publicly, the modules were not previously listed on the CMVP “Modules In-Process” List. They should be listed this week (week of Sept 15th) if CMVP processes the Lab's submission in a timely manner.
Some key points to note about the validation:
- The Crypto Modules’ boundary, interfaces, POST, etc. are all the same with iOS 6, iOS 7 & iOS 8
- ALL the same Cryptographic Ciphers Validated for the modules used by iOS 7 are being validated for iOS 8
- RSA / ECDSA Algorithm implementations have been updated to be FIPS 186-4 Compliant as required by CMVP-June 2014
- Additional Cryptographic Ciphers have been added to the modules — will appear in the Non-Approved List
- ALL Apple Applications and Services (*except Bluetooth) are FIPS 140-2 Compliant
- ALL Third-party Applications and Services properly using Apple’s built-in Cryptography can claim FIPS 140-2 Compliance
- Platforms: ALL iPhone/iPad/iPod touch authorized to run iOS 8 will be covered by this Validation
Related Points:
- SMIME on iOS
- Manage X.509 Identities for S/MIME via MDM
- Enable SMIME on any Email Account(s)
- Enable Signing on an Account-level basis
- Enable Encryption on a Per-Message basis (as of iOS 8)
- ALL Apple Applications and Services such as SMIME (*except Bluetooth) are FIPS 140-2 Compliant
- Includes of course, RSA and ECDSA
Additional relevant iOS 8 Resources
From: fed-talk-bounces+craig.luigart=email@hidden [mailto:fed-talk-bounces+craig.luigart=email@hidden] On Behalf Of Neely, Lee
Sent: Wednesday, September 17, 2014 12:25 PM
To: Kachman, Donald R. Jr (DJ) - (ESE); email@hidden
Subject: [EXTERNAL] Re: [Fed-Talk] IOS 8 and FIPS
According to the FIPS 140InProcess doc, the new module has been submitted – along with the OS X Core Crypto Modules.
http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140InProcess.pdf
I would love to know Shawn’s take on the timing. Last time, this went very quickly.
Lee
Is there any information on whether the crypto that is used in IOS 7 will require validation for IOS 8? Will Apple be asserting that it is the same crypto?
Thanks in advance for any info.