NIAP: Compliant Product
  NIAP  »»  Product Compliant List  »»  Compliant Product  
Compliant Product - macOS Catalina 10.15

Certificate Date:  2020.09.23

Validation Report Number:  CCEVS-VR-VID11077-2020

Product Type:    Operating System

Conformance Claim:  Protection Profile Compliant

PP Identifier:    Protection Profile for General Purpose Operating Systems Version 4.2.1

CC Testing Lab:  Acumen Security

CC Certificate [PDF] Security Target [PDF] Validation Report [PDF]

Assurance Activity [PDF]

Administrative Guide [PDF]

Product Description

The TOE is a general-purpose operating system (GPOS) which runs on Mac mini, MacBook Air, MacBook Pro and Mac Pro which include the T2 chip. The macOS Catalina is a Unix-based graphical operating system. macOS core is a POSIX compliant operating system built on top of the XNU kernel with standard Unix facilities available from the command line interface.

The TOE includes the operating system macOS Catalina 10.15.6 (Build 19G73) and the security processor (T2) (SEPOS build 17P5300). 

The Apple T2 Security Chip is custom silicon for the Mac. It contains the Secure Enclave coprocessor which provides security related functionality that secures Touch ID data and provides the foundation for new encrypted storage and secure boot capabilities. Each of the TOE platforms includes both the Apple T2 Security Chip (T2) and an Intel CPU where the TOE runs.

NOTE: The TOE boundary includes the T2 chip and the Intel CPU.

The TOE will comply with [Use Case 1] End User Devices as outlined in Section 1.4 of the GPOS PP.

Evaluated Configuration

Security Evaluation Summary

The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme. The criteria against which the macOS Catalina 10.15 was evaluated are described in the Common Criteria for Information Technology Security Evaluation, Version 3.1 rev 5.  The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 3.1 rev 5.  Acumen Security determined that the Evaluation Assurance Level (EAL) for the product is EAL 1.  The product, when delivered configured as identified in the Apple macOS Catalina 10.15 Common Criteria Configuration Guide, satisfies all of the security functional requirements stated in the macOS Catalina 10.15 Security Target. The project underwent CCEVS Validator review.  The evaluation was completed on September 23, 2020. Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report prepared by CCEVS.

Environmental Strengths

Logical Scope of the TOE

The TOE implements the following security functional requirements from [GPOSPP] as listed below:

Audit Data Generation (FAU)

The TOE generates audit events for all start-up and shut-down functions, and all auditable events as specified in GPOS PP. Audit events are generated for the following audit functions:

  • Start-up and shut-down of the audit functions.
  • Authentication events (Success/Failure).
  • Use of privileged/special rights events (Successful and unsuccessful security, audit, and configuration changes)
  • Privilege or role escalation events (Success/Failure)

Each audit record contains the date and time of the event, type of event, subject identity (if applicable), and outcome (success or failure) of the event.

Cryptographic Support (FCS)

Each of these cryptographic algorithms have been validated for conformance to the requirements specified in their respective standards, as identified (in Table 3 CAVP Algorithm Testing References of the ST).

User Data Protection (FDP)

The TOE implements access controls which prevents unprivileged users from accessing files and directories owned by other users. The TOE provides an interface which allows the VPN client to protect all IP traffic.

Identification and Authentication (FIA)

All users must be authenticated to the TOE prior to carrying out any management actions. The TOE supports password-based authentication, authentication based on username, and a PIN that releases an asymmetric key stored in OE-protected storage and X509 certificate-based authentication. The TOE will lock out user accounts after a defined number of unsuccessful authentication attempts have been met.

Security Management (FMT)

The TOE can perform management functions. The Administrator has full access to carry-out all  management functions and the user has limited privileges.

Protection of the TSF (FPT)

The TOE implements the following protection of TSF data:

  • Access Controls.
  • Randomize process address space memory locations with 16 bits of entropy.
  • Stack buffer overflow protection is used.
  • Verification of integrity of the boot-chain and operating system executable code and application executable code.
  • Trusted software updates using digital signatures.

Trusted Path/Channels (FTP)

The TOE supports TLS v1.2 for trusted channel and trusted path communications.

TOE Access (FTA)

Before establishing a user session, the TOE will display an advisory warning message regarding unauthorized use of the OS.

Vendor Information

Apple Inc.
Fiona Pattinson
+1 669 227 3579
Site Map              Contact Us              Home