Intro to Apple security assurance
As part of our commitment to security assurance, Apple regularly engages with third-party organisations to provide security assurance, certifying and attesting to the security of Apple’s hardware, operating systems, apps and services. Our goal is to specify certifications that can be recognised by Apple users around the globe.
For technical areas that aren’t accepted under mutual recognition arrangements (MRAs) or that lack mature security certification standards, Apple may engage with others to develop security standards that provide coverage for these.
Certifications are often necessary to meet the requirements of legislation, regulation and industry norms. A device’s operating system and apps often use Common Criteria or FIPS 140-3 certifications. All customers — including government agencies and enterprise and education organisations deploying Apple devices — can use the hardware, operating system, software and services certifications to help demonstrate compliance.
Services such as Apple School Manager and Apple Business Manager are covered under Apple’s ISO/IEC 27001 and ISO/IEC 27018 certifications.
Apple Platform Security is published by Apple and includes detailed technical information and descriptions of security features. Often Apple’s independent certifications include verification of information provided in Apple Platform Security.
Hardware certifications
Because secure software requires a foundation of security built into hardware, all Apple devices — whether using iOS, iPadOS, macOS, tvOS or watchOS — have security designed into silicon. The CPU powers system security, and Apple silicon is dedicated to security functions. The most critical component is the Secure Enclave coprocessor, which appears on all modern iOS, iPadOS, tvOS and watchOS devices, on all Mac computers with Apple silicon, and Intel-based Mac computers with the Apple T2 Security Chip. The Secure Enclave provides the foundation for encrypting data at rest, secure boot in macOS and biometrics.
Apple’s commitment to security assurance starts with the certification of the foundational security components in silicon — from the hardware root of trust, to the secure boot enforcement, to the Secure Enclave providing secure key storage, to secure authentication with Face ID and Touch ID.
For information on public certifications related to hardware and associated firmware components, see:
Operating systems and app certifications
Apple maintains independent certifications and attestations over its operating system and apps in conformance with the US Federal Information Processing Standards (FIPS) 140-3 for cryptographic modules and Common Criteria for operating systems, apps and device services. The coverage of operating systems includes iOS, iPadOS, macOS, sepOS, T2OS, tvOS and watchOS. For apps, independent certification initially included the Safari browser and Contacts apps, with more apps to be certified in the future.
For information on public certifications related to Apple operating systems, see:
For information on public certifications related to Apple apps, see:
Services certifications
Apple maintains security certifications to support our customers, from enterprise to education. These certifications enable Apple customers to address their regulatory and contractual obligations when using Apple services with Apple hardware and software. These certifications provide our customers with an independent attestation over Apple information security, environmental and privacy practices for Apple systems.
For information on public certifications related to Apple internet services, see:
For information on public certifications related to Apple Pay, see:
Additional certifications
Apple maintains other security certifications in support of meeting specific legislation or regulation. For information on public certifications related to specific regulations, see:
macOS Security Compliance Project
The macOS Security Compliance Project is an open source effort to provide a programmatic approach to generating security guidance. The project supports multiple security and compliance baselines, can be used to output fully customised documentation, scripts (logging and remediation), configuration profiles, and an audit checklist generated from the baseline used. See:
For questions about Apple Security and Privacy Certifications, contact security-certifications@apple.com.