Compliant Product - macOS Catalina 10.15
Certificate Date: 2020.09.23
Validation Report Number: CCEVS-VR-VID11077-2020
Product Type: Operating System
Conformance Claim: Protection Profile Compliant
PP Identifier: Protection Profile for General Purpose Operating Systems Version 4.2.1
CC Testing Lab: Acumen Security
The TOE is a general-purpose operating system (GPOS) that runs on Mac mini, MacBook Air, MacBook Pro and Mac Pro models that include the T2 chip. macOS Catalina is a Unix-based graphical operating system. The macOS core is a POSIX-compliant operating system built on top of the XNU kernel, with standard Unix facilities available from the command line interface.
The TOE includes the operating system macOS Catalina 10.15.6 (Build 19G73) and the security processor (T2) (SEPOS build 17P5300).
The Apple T2 Security Chip is custom silicon for the Mac. It contains the Secure Enclave coprocessor, which provides security-related functionality that secures Touch ID data and provides the foundation for new encrypted storage and secure boot capabilities. Each of the TOE platforms includes both the Apple T2 Security Chip (T2) and an Intel CPU where the TOE runs.
NOTE: The TOE boundary includes the T2 chip and the Intel CPU.
The TOE will comply with [Use Case 1] End User Devices as outlined in Section 1.4 of the GPOS PP.
Security Evaluation Summary
The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme. The criteria against which the macOS Catalina 10.15 was evaluated are described in the Common Criteria for Information Technology Security Evaluation, Version 3.1 rev 5. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 3.1 rev 5. Acumen Security determined that the Evaluation Assurance Level (EAL) for the product is EAL 1. The product, when delivered configured as identified in the Apple macOS Catalina 10.15 Common Criteria Configuration Guide, satisfies all of the security functional requirements stated in the macOS Catalina 10.15 Security Target. The project underwent CCEVS Validator review. The evaluation was completed on September 23, 2020. Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report prepared by CCEVS.
Logical Scope of the TOE
The TOE implements the following security functional requirements from [GPOSPP] as listed below:
Audit Data Generation (FAU)
The TOE generates audit events for all start-up and shut-down functions, and all auditable events as specified in GPOS PP. Audit events are generated for the following audit functions:
Each audit record contains the date and time of the event, type of event, subject identity (if applicable), and outcome (success or failure) of the event.
Cryptographic Support (FCS)
Each of these cryptographic algorithms has been validated for conformance to the requirements specified in its respective standard, as identified in Table 3 (CAVP Algorithm Testing References) of the ST.
User Data Protection (FDP)
The TOE implements access controls that prevent unprivileged users from accessing files and directories owned by other users. The TOE provides an interface that allows the VPN client to protect all IP traffic.
Identification and Authentication (FIA)
All users must be authenticated to the TOE prior to carrying out any management actions. The TOE supports password-based authentication, authentication based on a username and a PIN that releases an asymmetric key stored in OE-protected storage, and X509 certificate-based authentication. The TOE will lock out user accounts after a defined number of unsuccessful authentication attempts has been reached.
Security Management (FMT)
The TOE can perform management functions. The Administrator has full access to carry out all management functions, and the user has limited privileges.
Protection of the TSF (FPT)
The TOE implements the following protection of TSF data:
Trusted Path/Channels (FTP)
TOE Access (FTA)
Before establishing a user session, the TOE will display an advisory warning message regarding unauthorized use of the OS.