Page not found - The Mac Observer

File Not Found

The page you are looking for might have been removed, had its name changed, or is temporarily unavailable.

Please try the following:

  • Check your spelling
  • Return to the home page
  • Click the Back button

Apple Announces Common Criteria Certification for Snow Leopard

| News

Apple has announced Common Criteria Certification for Mac OS X 10.6 and 10.6 Server at the CAPP/EAL3 level. Common Criteria, an internationally approved set of security standards, provides a clear and reliable evaluation of the security capabilities of Information Technology products.

On January 20, atsec made the following announcement: "atsec information security is pleased to announce the successful Common Criteria Certification of Mac OS X Snow Leopard at EAL 3 (augmented for flaw remediation) with the Controlled Access Protection Profile [CAPP]. This certification includes both Mac OS X and Mac OS X Server."

The main security functions tested included:

  • Audit
  • User Data Protection
  • Identification and Authentication
  • Residual Data Protection
  • Secure Communication
  • Security Management
  • TOE Self Protection

For more information on Apple's ongoing commitment to security, an overview of the Common Criteria, and the certification process, Apple has published a white paper that also includes valuable, related links.

The certification by the German firm atsec Information Security GmbH is a separate issue from the Mac OS X implementation of Sun's Basic Security Module (BSM) and its port to Mac OS X. It should be noted, however, that the BSM auditing system, which can detect and log a wide range of user authorized and unauthorized activities has been installed in Snow Leopard since its launch.

A few of the nagging problems of the BSM implementation in Leopard have ben remedied. SHH events can now be audited and new processes spawned are properly attributed to the user, not just the generic "launchd."

Unfortunately, to fully exploit the BSM auditing, the user needs the latest document, the "Security Configuration Guide" updated for Snow Leopard -- which has not been posted by Apple.

For more information, consult your local security organization. Dan O'Donnell of the RAND corporation will be presenting on this topic at the Macworld Conference and Expo in February. Additional discussion can be found on the Apple mailing list: Fed-talk.



Thanks for the white paper link, John.

Log in to comment (TMO, Twitter or Facebook) or Register for a TMO account

Support TMO

Support TMO, Buy from Amazon, MacMall and The Apple Store

We can send you information in a couple of ways. Push Notifications come through instantly. The TMO Express Newsletter emails you the latest Apple headlines every weekday.

TMO Weekly Sponsor

Have a tech question? Visit our Mac Geek Gab Facebook Group and have the tech support brilliance of the entire Mac Geek Gab community at your fingertips!


AAPL Stock Price Apple Finance Board

$93.40 -2.70 (-2.81%)

Quotes are delayed. Currency in USD.


TMO Deals

Reader Specials

  • Support TMO, Buy from Amazon, MacMall and The Apple Store