Compliant Product - Apple macOS 13 Ventura
Certificate Date:
2024.02.06
CC Certificate Validation Report Number: CCEVS-VR-VID11347-2024 Product Type: Operating System Conformance Claim: Protection Profile Compliant PP Identifier: PP-Module for Bluetooth Version 1.0 Protection Profile for General Purpose Operating Systems Version 4.2.1 CC Testing Lab: atsec information security corporation ![[PDF]](/assets/images/icon_pdf.gif){kind=icon}
Security Target
Validation Report
Assurance Activity
Administrative Guide
Product Description
The TOE is the Apple macOS 13 Ventura general purpose operating system (GPOS). The TOE is tightly integrated with hardware and runs on Apple iMac, MacBook Air, MacBook Pro, Mac mini, Mac Pro, and Mac Studio computers. The macOS Ventura operating system is a Unix-based graphical operating system. The macOS core is a POSIX compliant operating system built on top of the XNU kernel with standard Unix facilities available from the command line interface. The TOE includes Bluetooth communication—both Bluetooth Basic Rate/Enhanced Data Rate (BR/EDR) and Low Energy (LE).
Evaluated Configuration
The evaluation covers the following hardware platforms. Hardware Platform Covered by the Evaluation
Security Evaluation Summary
The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) process. The criteria against which the Apple macOS 13 Ventura was judged are described in the Common Criteria for Information Technology Security Evaluation, Version 3.1 R5. The evaluation methodology used by the evaluation team to conduct the evaluation was the Common Methodology for Information Technology Security Evaluation, Version 3.1, R5 supplemented by that found in the Protection Profiles cited above. The evaluation was completed in February 2024. The product, when delivered and configured as identified in the Apple macOS 13 Ventura Common Criteria Configuration Guide, meets the requirements of the following: · PP-Configuration for General Purpose Operating Systems and Bluetooth. Version 1.0 as of 2021-04-15; exact conformance o Protection Profile for General Purpose Operating Systems, Version 4.2.1 o Protection Profile for Bluetooth, Version 1.0 Apple macOS 13 VenturaThe product when configured as identified in the Apple macOS 13 Ventura Common Criteria Configuration Guide document satisfies all of the security functional requirements stated in the Apple macOS 13 Ventura Security Target. The evaluation was subject to CCEVS Validator review. Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report number CCEVS-VR-VID11348-2024, prepared by CCEVS.
Environmental Strengths
Security AuditThe TOE generates audit records for the following auditable events: · Start-up and shutdown of the audit functions · Authentication events (success/failure) · Use of privileged/special rights events (successful and unsuccessful security, audit, and configuration changes) · Privilege or role escalation events (success/failure) The TOE also generates audit records for the following Bluetooth auditable events: · Failed user authorization of Bluetooth device and for local Bluetooth service · Initiation and failure of Bluetooth connection Cryptographic SupportThe TOE includes the Apple corecrypto v13.0 cryptographic libraries listed below for performing user space, kernel space, and Secure Enclave Processor (SEP) cryptographic operations. The TOE implements TLS 1.2 for secure communications with remote servers. The Bluetooth hardware implements the bulk AES-CCM-128 cryptographic functionality used when connecting to Bluetooth devices.
Apple silicon · Apple corecrypto Module v13.0 [Apple ARM, User, Software, SL1] · Apple corecrypto Module v13.0 [Apple ARM, Kernel, Software, SL1] · Apple corecrypto Module v13.0 [Apple silicon, Secure Key Store, Hardware, SL2] Intel with T2 · Apple corecrypto Module v13.0 [Intel, User, Software, SL1] · Apple corecrypto Module v13.0 [Intel, Kernel, Software, SL1] · Apple corecrypto Module v13.0 [Apple ARM, Secure Key Store, Hardware, SL2] User Data ProtectionThe TOE implements access controls that prevent unprivileged users from accessing files and directories owned by other users. The TOE uses the Apple File System (APFS), which provides access control to data. The TOE provides the file system security schemes including sandbox entitlements, POSIX access control lists (ACLs), Unix (BSD) permissions, and per-file BSD flags that override Unix permissions. Identification and AuthenticationAll users must be authenticated to the TOE prior to carrying out any management actions. The TOE supports: · Password-based authentication · Authentication based on username and a PIN that releases an asymmetric key stored in Operational Environment (OE) protected storage The TOE supports Bluetooth Secure Simple Pairing (SSP). It requires user authorization and mutual authentication during pairing. It also discards pairing attempts and session initialization from Bluetooth devices to which an active session pre-exists. The TOE requires explicit user authorization when pairing with an untrusted device. Security ManagementThe TOE can perform management functions specified in the Security Target. The administrator has full access to carry out all management functions, whereas the user will have limited privileges. The TOE can also perform Bluetooth management functions. The TOE supports both Bluetooth BR/EDR and LE and uses Secure Simple Pairing (SSP) for security. Protection of the TSF The TOE implements the following protection of TSF data functions: · Access controls · Address space layout randomization (ASLR) with 16 bits of entropy · Stack buffer overflow protection · Verification of integrity of the bootchain and operating system executable code · Trusted software updates using digital signatures TOE AccessThe TOE displays an advisory warning message regarding unauthorized use of the OS prior to establishment of a user session. TOE Trusted Path/ChannelThe TOE supports TLS 1.2 for trusted channel communications. The TOE uses TLS to securely communicate with the Apple Update Server. Applications may invoke the TOE-provided TLS to securely communicate with remote servers. The TOE provides a trusted path between itself and local users that provides assured identification of its endpoints. The TOE enforces encryption when transmitting data over Bluetooth for both BR/EDR and LE and terminates the connection if the connected device stops encrypting. Vendor InformationApple Inc. Nina Kominiak +1 907 227 9672 ninak@apple.com https://support.apple.com/guide/certifications/welcome/web |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||