FileVault 2 on OS X 10.8.x is now FIPS 140-2 Compliant
Apple announced on Friday, June 28th that the FIPS 140-2 validations for the cryptographic modules used by iOS 6 and OS X 10.8.x have now been completed. This is significant news for Mac admins who want to use FileVault 2 in government and regulated industries (such as financial and health-care institutions.)
For folks who haven’t heard of it before, FIPS 140-2 is an information technology security accreditation program run jointly by the US and Canadian governments. This program is used by private sector vendors to have their cryptographic modules certified for use in US and Canadian government departments and private industries with regulatory requirements for security.
As part of today’s announcement, Apple has released KBase articles, tools and guidance for security offices who deal with encryption:
Apple FIPS Cryptographic Modules v3.0 – http://support.apple.com/kb/DL1555
Mountain Lion: How to set up and maintain a FIPS-enabled system – http://support.apple.com/kb/HT5396
Crypto Officer Role Guide for FIPS 140-2 Compliance OS X Mountain Lion v10.8 – http://km.support.apple.com/library/APPLE/APPLECARE_ALLGEOS/HT5396/Crypto_Officer_Role_Guide_for_FIPS_140-2_Compliance_OS_X_Mountain_Lion_v10.8.pdf
FIPS Administration Tools v3.0 – http://support.apple.com/kb/DL1555
FileVault 2 is listed as being FIPS 140-2 Compliant as part of the Crypto Officer Role Guide for FIPS 140-2 Compliance OS X Mountain Lion v10.8 documentation, in the Compliant Applications and Services section.