Home > FileVault 2, FIPS, iOS, Mac administration, Mac OS X > FileVault 2 on El Capitan is now FIPS 140-2 Compliant

FileVault 2 on El Capitan is now FIPS 140-2 Compliant

Apple officially announced on Wednesday, April 6th that the FIPS 140-2 validations for the cryptographic modules used by iOS 9 and OS X 10.11.x have now been completed. This is significant news for folks who want to use FileVault 2 in government and regulated industries (such as financial and health-care institutions.)

For folks who haven’t heard of it before, FIPS 140-2 is an information technology security accreditation program run jointly by the US and Canadian governments. This program is used by private sector vendors to have their cryptographic modules certified for use in US and Canadian government departments and private industries with regulatory requirements for security.

As part of the announcement, Apple has released KBase articles and guidance for security offices who deal with encryption:

Apple FIPS Cryptographic Modules v6.0 for OS X El Capitan v10.11https://support.apple.com/HT205748

Crypto Officer Role Guide for FIPS 140-2 Compliance OS X El Capitan v10.11https://support.apple.com/library/APPLE/APPLECARE_ALLGEOS/HT205748/APPLEFIPS_GUIDE_CO_OSX10.11.pdf

According to Apple, the OS X El Capitan Cryptographic Modules, Apple OS X CoreCrypto Module v6.0 and Apple OS X CoreCrypto Kernel Module v6.0, require no setup or configuration to be in “FIPS Mode” for FIPS 140-2 compliance on devices running OS X El Capitan 10.11.x.

FileVault 2 is listed as being FIPS 140-2 Compliant as part of the Crypto Officer Role Guide for FIPS 140-2 Compliance OS X El Capitan v10.11 documentation, in the Compliant Applications and Services section.

Screen Shot 2016 04 20 at 7 14 05 AM

 

For more information about the validation certification, please see below the jump.

iOS 9

Module Name: Apple iOS CoreCrypto Module, v6.0
Certificate #2594: http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/1401val2016.htm#2594
Security Policy: http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140sp/140sp2594.pdf

Module Name: Apple iOS CoreCrypto Kernel Module, v6.0
Certificate #2609: http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/1401val2016.htm#2609
Security Policy: http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140sp/140sp2609.pdf

 

OS X El Capitan v10.11

Module Name: Apple OS X CoreCrypto Module, v6.0
Certificate #2610: http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/1401val2016.htm#2610
Security Policy: http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140sp/140sp2610.pdf

Module Name: Apple OS X CoreCrypto Kernel Module, v6.0
Certificate #2597: http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/1401val2016.htm#2597
Security Policy: http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140sp/140sp2597.pdf

  1. Timothy
    November 11, 2016 at 2:37 pm

    I am experiencing corruption of keychain items when using Keychain Access to move a keychain item from one keychain to another on El Capitan. This is very frustrating. Apple Product Security confirms the issue and says that the fix is only available in 10.12 and above.

  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: