macOS security certifications
macOS certification background
Apple actively engages in the provision of security assurance of macOS for each major release of an operating system using appropriate Protection Profiles and for the cryptographic modules, FIPS 140-3 requirements.
Validation of conformance can be performed only against a final released version of macOS.
macOS cryptographic module validation status
The Cryptographic Module Validation Program (CMVP) maintains the validation status of cryptographic modules under three separate lists depending on their current status.
For more information, see Cryptographic module validation status information.
For Apple computers, the table below shows which cryptographic modules are applicable to which Mac technology.
Cryptographic module | Security Level | Mac computers with Apple silicon | Mac computers with the Apple T2 Security Chip | Intel-based Mac computers without the Apple T2 Security Chip | |||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
Apple silicon User Space | 1 |
|
|
| |||||||
Apple silicon Kernel | 1 |
|
|
| |||||||
Intel User Space | 1 |
|
|
| |||||||
Intel Kernel | 1 |
|
|
| |||||||
Secure Key Store | 2 |
|
|
| |||||||
Secure Key Store | 2 (with Physical Security L3) |
|
|
| |||||||
FIPS 140-3 certifications
In 2020, Apple released Mac computers that are based on Apple silicon. The applicability of cryptographic modules to either Apple silicon or Intel-based Mac computers is indicated in the Module Info column in the table below.
Note: Apple T2 Security chips are included in many Intel-based Mac computers. For information about T2 chip certifications, see Apple T2 Security Chip security certifications.
macOS ssh client
OpenSSH can be configured to use FIPS 140-3 validated modules for selected FIPS 140-3 algorithms.Organisations can run a signed and notarised installer that is available from Apple with the password FIPS140Mode. The installer places two files on the Mac computer:
fips_ssh_config: Placed in /private/etc/ssh/ssh_config.d/
fips_sshd_config: Placed in /private/etc/ssh/sshd_config.d/
macOS then uses these files to limit the ciphers available to OpenSSH to only those that have been validated by NIST and ensures the OpenSSH client uses the platform-provided, validated cryptographic module. Administrators can also create their own files. For more information, see the apple_ssh_and_fips man page in macOS 12.0.1 or later.
Summary of current certification status
macOS 13 Ventura user space, kernel space and secure key store are undergoing laboratory testing. They are listed on the Implementation Under Test List and, when testing is complete, on the Modules in Process List.
macOS 12 Monterey user space, kernel space and secure key store are undergoing laboratory testing. They are listed on the Implementation Under Test List and, when testing is complete, on the Modules in Process List.
macOS 11 Big Sur user space, kernel space and secure key store have completed laboratory testing and have been recommended by the laboratory to the CMVP for validation. They are listed on the Modules in Process List.
The table below shows the Apple cryptographic modules that are currently being tested by a laboratory, that have been recommended by a laboratory for validation by the CMVP, or that have been validated and certified as conformant to FIPS 140-3 by the CMVP.
Dates | Certificates/Documents | Module info |
|---|---|---|
Operating system release date: 2022 Validation dates: — | Certificates: Not yet certified Apple documents: | Title: Apple Corecrypto Module v13.0 Operating system: macOS 13 Ventura on Apple silicon Environment: Apple silicon/ARM, User, Software Type: Software Security Level: 1 |
Operating system release date: 2022 Validation dates: — | Certificates: Not yet certified Apple documents: | Title: Apple Corecrypto Module v13.0 Operating system: macOS 13 Ventura on Apple silicon Environment: Apple silicon/ARM, Kernel, Software Type: Software Security Level: 1 |
Operating system release date: 2022 Validation dates: — | Certificates: Not yet certified Apple documents: | Title: Apple Corecrypto Module v13.0 Operating system: sepOS distributed with macOS 13 Ventura on Apple silicon Environment: Apple silicon, Secure Key Store, Hardware Type: Hardware (M1, M1 Pro, M1 Max, M1 Ultra, M2) Security Level: 2 Physical Security Level: 3 |
Operating system release date: 2022 Validation dates: — | Certificates: Not yet certified Apple documents: | Title: Apple Corecrypto Module v13.0 Operating system: macOS 13 Ventura on Intel Environment: Intel, User, Software Type: Software Security Level: 1 |
Operating system release date: 2022 Validation dates: — | Certificates: Not yet certified Apple documents: | Title: Apple Corecrypto Module v13.0 Operating system: macOS 13 Ventura on Intel Environment: Intel, Kernel, Software Type: Software Security Level: 1 |
Operating system release date: 2022 Validation dates: — | Certificates: Not yet certified Apple documents: | Title: Apple Corecrypto Module v13.0 Operating system: sepOS distributed with macOS 13 Ventura ARM T2 Environment: T2, Secure Key Store, Hardware Type: Hardware (T2) Security Level: 2 |
Operating system release date: 2021 Validation dates: — | Certificates: Not yet certified Apple documents: | Title: Apple Corecrypto Module v12.0 Operating system: macOS 12 Monterey on Apple silicon Environment: Apple silicon, User, Software Type: Software Security Level: 1 |
Operating system release date: 2021 Validation dates: — | Certificates: Not yet certified Apple documents: | Title: Apple Corecrypto Module v12.0 Operating system: macOS 12 Monterey on Apple silicon Environment: Apple silicon, Kernel, Software Type: Software Security Level: 1 |
Operating system release date: 2021 Validation dates: — | Certificates: Not yet certified Apple documents: | Title: Apple Corecrypto Module v12.0 Operating system: sepOS distributed with macOS 12 Monterey on Apple silicon Environment: Apple silicon, Secure Key Store, Hardware Type: Hardware (M1, M1 Pro, M1 Max) Security Level: 2 Physical Security Level: 3 |
Operating system release date: 2021 Validation dates: — | Certificates: Not yet certified Apple documents: | Title: Apple Corecrypto Module v12.0 Operating system: macOS 12 Monterey on Intel Environment: Intel, User, Software Type: Software Security Level: 1 |
Operating system release date: 2021 Validation dates: — | Certificates: Not yet certified Apple documents: | Title: Apple Corecrypto Module v12.0 Operating system: macOS 12 Monterey on Intel Environment: Intel, Kernel, Software Type: Software Security Level: 1 |
Operating system release date: 2021 Validation dates: — | Certificates: Not yet certified Apple documents: | Title: Apple Corecrypto Module v12.0 Operating system: sepOS distributed with macOS 12 Monterey on Intel with T2 Environment: Intel, Secure Key Store, Hardware Type: Hardware (T2) Security Level: 2 |
Operating system release date: 2020 Validation dates: 07-12-2022 | Certificates: 4389 Apple documents: | Title: Apple Corecrypto Module v11.1 Operating system: macOS 11 Big Sur on Intel Environment: Intel, User, Software Type: Software Security Level: 1 |
Operating system release date: 2020 Validation dates: 07-12-2022 | Certificates: 4390 Apple documents: | Title: Apple Corecrypto Module v11.1 Operating system: macOS 11 Big Sur on Intel Environment: Intel, Kernel, Software Type: Software Security Level: 1 |
Operating system release date: 2020 Validation dates: 07-12-2022 | Certificates: 4391 Apple documents: | Title: Apple Corecrypto Module v11.1 Operating system: macOS 11 Big Sur on Apple silicon Environment: Apple silicon, User, Software Type: Software Security Level: 1 |
Operating system release date: 2020 Validation dates: 07-12-2022 | Certificates: 4392 Apple documents: | Title: Apple Corecrypto Module v11.1 Operating system: macOS 11 Big Sur on Apple silicon Environment: Apple silicon, Kernel, Software Type: Software Security Level: 1 |
Operating system release date: 2020 Validation dates: — | Certificates: Not yet certified Apple documents: | Title: Apple Corecrypto Module v11.1 Operating system: sepOS distributed with macOS 11 Big Sur on Apple silicon, sepOS distributed with macOS 11 Big Sur on Intel Environment: Apple silicon, Secure Key Store, Hardware Type: Hardware (M1) Security Level: 2 |
Operating system release date: 2020 Validation dates: — | Certificates: Not yet certified Apple documents: | Title: Apple Corecrypto Module v11.1 Operating system: sepOS distributed with macOS 11 Big Sur on Apple silicon Environment: Apple silicon, Secure Key Store, Hardware Type: Hardware (M1) Security Level: 2 Physical Security Level: 3 |
FIPS 140-2 certifications
Note: Apple T2 Security chips are included in many Intel-based Mac computers. For information about T2 chip certifications, see Apple T2 Security Chip security certifications.
The table below shows the cryptographic modules that are certified by the CMVP as conformant with FIPS 140-2.
Dates | Certificates/Documents | Module info |
|---|---|---|
Operating system release date: 2019 Validation dates: 24-03-2021 | Certificates: 3859 Apple documents: | Title: Apple Corecrypto User Space Module for Intel (ccv10) Operating system: macOS 10.15 Catalina Type: Software Security Level: 1 |
Operating system release date: 2019 Validation dates: 24-03-2021 | Certificates: 3858 Apple documents: | Title: Apple Corecrypto Kernel Module v10.0 for Intel (ccv10) Operating system: macOS 10.15 Catalina Type: Software Security Level: 1 |
Operating system release date: 2018 Validation dates: 12-04-2019 | Certificates: 3402 Apple documents: | Title: Apple Corecrypto User Module v9.0 for Intel Operating system: macOS 10.14 Mojave Type: Software Security Level: 1 |
Operating system release date: 2018 Validation dates: 12-04-2019 | Certificates: 3431 Apple documents: | Title: Apple Corecrypto Kernel Module v9.0 for Intel Operating system: macOS 10.14 Mojave Type: Software Security Level: 1 |
Previous versions
These OS X and macOS versions previously had cryptographic module validations. Those more than five years old are listed by the CMVP with historical status:
2017 in macOS 10.13 High Sierra-FIPS 140-2
2016 in macOS 10.12 Sierra-FIPS 140-2
2015 in OS X 10.11 El Capitan-FIPS 140-2
2014 in OS X 10.10 Yosemite-FIPS 140-2
2013 in OS X 10.9 Mavericks-FIPS 140-2
2012 in OS X 10.8 Mountain Lion-FIPS 140-2
2011 in OS X 10.7 Lion-FIPS 140-2
2009 in OS X 10.6 Snow Leopard-FIPS 140-2
Common Criteria (CC) certification background
Apple actively engages in the evaluation of macOS for each major release of the operating system. Evaluation can only be performed against a final publicly released version of the operating system.
Common Criteria (CC) certification status
The US scheme, operated by the National Information Assurance Project (NIAP), maintains a list of Products in Evaluation; this list includes products that are currently undergoing evaluation in the United States with a NIAP-approved Common Criteria Testing Laboratory (CCTL) and that have completed an Evaluation Kickoff Meeting (or equivalent) in which CCEVS management officially accepts the product into evaluation.
For more information, see Common Criteria (CC) certification status information.
The table below shows the certifications that are currently being evaluated by a laboratory or that have been certified as conforming with Common Criteria.
Current status
Evaluations with NIAP for macOS 13 using the General Purpose Operating System and Full Disk Encryption (FDE) (AA and EE) Protection Profiles are under way.
For the latest information, see Products in evaluation (NIAP) and the Product Compliant List.
Operating system / Certification date | Scheme ID / Documents | Title / Protection Profiles |
|---|---|---|
Operating system: macOS 13 Ventura Certification date: — | Scheme ID: Not yet certified Apple documents: | Title: macOS 13 Ventura Protection Profiles: PP-Configuration for General Purpose Operating Systems and Bluetooth Version 1.0 as of 2021-04-15 |
Operating system: macOS 13 Ventura Certification date: — | Scheme ID: Not yet certified Apple documents: | Title: Apple FileVault 2 with macOS 13 Ventura Protection Profiles: PP-Configuration for General Purpose Operating Systems Version 4.2.1 |
Operating system: macOS 11 Big Sur Certification date: — | Scheme ID: Not yet certified Apple documents: | Title: Apple FileVault 2 with macOS 11 Big Sur Protection Profiles: U.S. Government Approved Protection Profile - collaborative Protection Profile for Full Drive Encryption - Authorization Acquisition Version 2.0 + Errata 20190201 U.S. Government Approved Protection Profile - collaborative Protection Profile for Full Drive Encryption - Encryption Engine Version 2.0 + Errata 20190201 |
Operating system: macOS 11 Big Sur Certification date: — | Scheme ID: Not yet certified Apple documents: | Title: Apple macOS 11 Big Sur Protection Profiles: Collaborative Protection Profile for Full Drive Encryption - Authorization Acquisition Version 2.0 + Errata 20190201 Collaborative Protection Profile for Full Drive Encryption - Encryption Engine Version 2.0 + Errata 20190201 |
Operating system: macOS 10.15 Catalina Certification date: 29-04-2021 | Scheme ID: 11078 Apple documents: | Title: Apple FileVault 2 on T2 computers using macOS 10.15 Catalina Protection Profiles: Collaborative Protection Profile for Full Drive Encryption - Authorization Acquisition Version 2.0 + Errata 20190201 Collaborative Protection Profile for Full Drive Encryption - Encryption Engine Version 2.0 + Errata 20190201 |
Archived Common Criteria certifications for macOS
These previous macOS versions had Common Criteria validations. They are archived by NIAP according to the NIAP policy:
Operating system / Certification date | Scheme ID / Documents | Title / Protection Profiles |
|---|---|---|
Operating system: macOS 10.15 Catalina Certification date: 23-09-2020 | Scheme ID: 11077 Apple documents: | Title: macOS 10.15 Catalina Protection Profiles: PP_OS_V4.21 |
For questions about Apple Security and Privacy Certifications, contact security-certifications@apple.com.