__________________________________________________________________ Apple Inc. __________________________________________________________________  Apple FIPS Cryptographic Module, v1.1 FIPS 140-2 Non-Proprietary Security Policy Document Control Number APPLEFIPS_SECPOL_002.16 Version 2.16 March 16, 2011 Prepared by: Shawn Geddis Apple Inc. 11921 Freedom Drive Suite 600 Reston, VA 20190 Phone: (703) 264-5103 Fax: (703) 264-5157 www.apple.com ________________________________________________________________________________________ APPLEFIPS_SECPOL_002.16 © Copyright 2012 Page 1 Table of Contents FIPS SECURITY LEVEL OVERVIEW .....................................................................................................................3 EXECUTIVE SUMMARY ...........................................................................................................................................3 OVERVIEW...................................................................................................................................................................3 INTRODUCTION............................................................................................................................................................4 APPLE FIPS CRYPTOGRAPHIC MODULE ..........................................................................................................5 OVERVIEW...................................................................................................................................................................5 CRYPTOGRAPHIC MODULE SPECIFICATION..................................................................................................................8 MODES OF OPERATION ................................................................................................................................................9 CRYPTOGRAPHIC MODULE PORTS AND INTERFACES .................................................................................................10 ROLES, SERVICES, AND AUTHENTICATION.................................................................................................................11 Roles ....................................................................................................................................................................11 Services ................................................................................................................................................................11 Authentication......................................................................................................................................................12 PHYSICAL SECURITY..................................................................................................................................................12 OPERATIONAL ENVIRONMENT...................................................................................................................................12 CRYPTOGRAPHIC KEY MANAGEMENT.......................................................................................................................13 Key Generation ....................................................................................................................................................13 Key Establishment ...............................................................................................................................................13 Key Entry and Output ..........................................................................................................................................13 Key Storage..........................................................................................................................................................13 Key Zeroization....................................................................................................................................................13 List of Keys and CSP ...........................................................................................................................................14 EMI/EMC .................................................................................................................................................................14 SELF-TESTS...............................................................................................................................................................15 DESIGN ASSURANCE..................................................................................................................................................16 MITIGATION OF OTHER ATTACKS..............................................................................................................................16 SECURE OPERATION..............................................................................................................................................17 SECURITY FUNCTIONS...............................................................................................................................................17 CRYPTO OFFICER GUIDANCE.....................................................................................................................................19 USER GUIDANCE........................................................................................................................................................19 GLOSSARY AND REFERENCES ............................................................................................................................20 GLOSSARY.................................................................................................................................................................20 REFERENCES..............................................................................................................................................................21 ________________________________________________________________________________________ APPLEFIPS_SECPOL_002.16 © Copyright 2012 Page 2 Section 1 FIPS Security Level Overview FIPS Section Level Cryptographic Module Specification 1 Cryptographic Module Ports and Interfaces 1 Roles, Services, and Authentication 1 Finite State Model 1 Physical Security N/A Operational Environment 1 Cryptographic Key Management 1 EMI/EMC 1 Self-Tests 1 Design Assurance 1 Mitigation of Other Attacks N/A Table 1 FIPS Security Level Overview Section 2 Executive Summary Overview Section 2.1 This document is the non-proprietary security policy supporting the Apple FIPS Cryptographic Module, v1.1. This document may be reproduced only in its original entirety, without revision. This security policy describes the module and how it meets the security requirements of FIPS 140-2. It also provides a specification of the FIPS 140-2 security rules under which the module operates. This document was prepared as part of the FIPS 140-2 Level 1 validation of the module. With the exception of this non-proprietary security policy as well as the Role Guide: Crypto Officer, all other FIPS 140-2 validation submission documentation is proprietary to Apple Inc. and is releasable only under appropriate non-disclosure agreements. For access to these documents, please contact Apple Inc. ________________________________________________________________________________________ APPLEFIPS_SECPOL_002.16 © Copyright 2012 Page 3 Introduction Section 2.2 The Level 1 Apple FIPS Cryptographic Module, v1.1 is included within OS X Lion v10.7 for use by 3rd party applications and services. The module consists of the Apple Cryptographic Service Provider (AppleCSP), the module’s PRNG, and the FIPSPerformSelfTest helper application. This module continues to provide cryptographic services for 3rd party applications and services still using CDSA while OS X Lion uses a separate next generation cryptographic module for Apple applications and services. ________________________________________________________________________________________ APPLEFIPS_SECPOL_002.16 © Copyright 2012 Page 4 Section 3 Apple FIPS Cryptographic Module Overview Section 3.1 CDSA (Common Data Security Architecture) provides cryptographic services for 3rd party applications on OS X Lion, therefore Apple has re-validated CDSA for the benefit of 3rd party products only. CDSA provides security services and has its own standard application programming interface (API). OS X Lion includes new security APIs that call upon next generation cryptography but still includes the CDSA APIs for 3rd party applications. Legacy 3rd Party applications directly call the CDSA security APIs. Figure 1 below illustrates this architecture. Applications Legacy Security Services OS X Lion Security Services API API API API API API API API API Next Generation Cryptography CDSA BSD and Mach Figure 1 OS X Lion Security Architecture Overview CDSA is an Open Source security architecture adopted as a technical standard by the Open Group. Apple has developed its own Open Source implementation of CDSA. The core of CDSA is CSSM (Common Security Services Manager), a set of Open Source code modules that implement a public API called the CSSM API. CSSM provides APIs for cryptographic services (such as creation of cryptographic keys, encryption and decryption of data), certificate services (such as creation of digital certificates, reading and evaluation of digital certificates), secure storage of data, and other security services. ________________________________________________________________________________________ APPLEFIPS_SECPOL_002.16 © Copyright 2012 Page 5 CSSM also defines an interface for plug-ins that implements security services for a particular operating system and hardware environment. The implementation on a given platform can optionally supply a middleware layer that provides an operating-system-specific API for applications. Whether such a layer is present or not, applications can call the CSSM API directly. The validated CDSA module implements nearly all the standard features of CSSM, plus a set of middleware security services to provide a standard interface for application programmers. The CDSA standard defines a four-layer architecture, with the top layer being the applications that use the CDSA security features. Figure 2 below illustrates the implementation of CDSA and shows the first three layers: the CDSA plug-ins, CSSM, and the security APIs, which constitute the middleware layer. The Authorization Services, the Security Server daemon, and the Security Agent shown in the figure are technically outside of CDSA, but they are shown here for completeness because they constitute an integral part of the security architecture. Legacy Security APIs Security Keychain CFNetwork Objective-C Manager API Certificate, Keychain Secure Authorization Key, and Trust Services Transport Services Services CSSM API CSSM Security contexts Security Agent Data Storage Certificate Cryptographic Trust Policy Library Library Services Services Services Services Security Manager Manager Manager Manager Server daemon AppleCSP/DL AppleCSP AppleFileDL encrypted AppleX509CL AppleX509TP CDSA cryptographic data data certificate trust policy plug-ins service storage storage library library provider library provider AppleCSP Figure 2 Implementation of CDSA ________________________________________________________________________________________ APPLEFIPS_SECPOL_002.16 © Copyright 2012 Page 6 Security contexts in Figure 2 are data structures used by CSSM to assist applications in managing the many parameters used in security operations. The CSSM managers implement the standard CSSM API. The CDSA plug-ins shown in Figure 2 are those provided by the module . The CDSA specification allows any number of plug-ins. As long as a plug-in follows the rules for interfacing with the CSSM managers, it can implement any portion of the CDSA feature set, including a combination of features associated with two or more of the CSSM managers. The CDSA specification even allows for the expansion of CDSA by the addition of elective module managers and associated plug-ins. Plug-ins can call each other as well as being called by the CSSM managers and, in fact, it is common for them to do so. All secure communications and authentication protocols are based on keys and encryption provided by the AppleCSP. ________________________________________________________________________________________ APPLEFIPS_SECPOL_002.16 © Copyright 2012 Page 7 Cryptographic Module Specification Section 3.2 The logical cryptographic boundary of Apple FIPS Cryptographic Module, v1.1 (“Module library”) is the shared object library itself. The logical cryptographic boundary consists of the Apple Cryptographic Service Provider (AppleCSP), the module’s PRNG, and the FIPSPerformSelfTest helper application. The AppleCSP is a basic plug-in module that works together with the helper application. The PRNG is used in generating the module’s keys. The FIPSPerformSelfTest file performs the FIPS required power on self-tests for the AppleCSP. The physical cryptographic boundary of the Module library is the enclosure of the computer system on which the module is running. Figure 3 below shows the cryptographic boundary of the module. The logical boundary is indicated by the red dotted line while the physical boundary is indicated by the black dotted line. The Power On Self Test block within the diagram represents the FIPSPerformSelfTest file, the PRNG block represents the module’s PRNG, and the CSP Module block within the diagram represents the AppleCSP. Calls Sec* API Function Application Passes in Input and Receives Output and Status Operating System Sec* APIs Calls Sec* API Function Passes in Input and Receives Output and Status Calls Sec* API Function CDSA Passes in Input and Receives Output and Status External hardware (keyboard, mouse, Power On video display, etc.) PRNG CSP Module DL CL TP Self Test Figure 3 Cryptographic Module Boundary ________________________________________________________________________________________ APPLEFIPS_SECPOL_002.16 © Copyright 2012 Page 8 Modes of Operation Section 3.3 The module has two modes of operation: Approved mode and Non-approved mode. The module runs in the Approved mode by default. The module is considered running in the Non-approved mode when the module uses an internally generated RSA key pair for signature generation and verification, RSA key wrapping, or any non-allowed algorithms listed in Table 6. RSA Key wrapping is not allowed in the Approved mode because RSA keys are generated using a Non- approved key generation method as listed in Table 6. The installation of the Apple FIPS Cryptographic Module by the Crypto Officer involves four steps and more information about these steps can be found in the “Role Guide: Crypto Officer” document: 1. Obtaining the FIPS Administration Tools installer 2. Installing the FIPS Administration Tools 3. Verifying the FIPS Administration Tools were successfully installed 4. Verify the integrity of the FIPS Administration Tools The User can also verify the Apple FIPS Cryptographic Module status by running the FIPSPerformSelfTest status command in the Terminal application. More information is available about the module on the Apple Support website http://www.apple.com/support/ and searching for FIPS. ________________________________________________________________________________________ APPLEFIPS_SECPOL_002.16 © Copyright 2012 Page 9 Cryptographic Module Ports and Interfaces Section 3.4 The cryptographic module is a software module. This module was tested on the 15-inch MacBook Pro portable computer platform. The platform for the module provides a number of physical ports and logical interfaces. The platform’s physical ports correspond to the ports of the portable computer that executes the module. They include a 15.4 inch display, power button, power adaptor port, two USB 2.0 ports, audio line in/optical digital audio input, headphone/ optical digital audio output, two AirPort Extreme/Bluetooth wireless antennas, ExpressCard/34 slot, FireWire 800 port, Gigabit Ethernet, Mini DisplayPort, SuperDrive optical drive, keyboard, trackpad, speaker, microphone, iSight video camera and LEDs. The module implements the required FIPS 140-2 logical interfaces through application programming interface (API) calls as shown in the following table. FIPS 140-2 Logical Module Physical Ports Module Logical Interfaces Interfaces Data Input USB, audio line in/optical digital Data passed to the API calls to be used audio input, wireless antennas, by the Module ExpressCard/34, FireWire, Ethernet, SuperDrive, microphone, iSight video camera Data Output Display, USB, headphone/optical Data returned from API calls, digital audio output, wireless generated by the Module antennas, ExpressCard/34, FireWire, Ethernet, Mini DisplayPort, SuperDrive, speaker Control Input USB, wireless antennas, Exported API calls ExpressCard/34, FireWire, Ethernet, SuperDrive, trackpad, keyboard Status Output Display, USB, wireless antennas, Returned status information and return ExpressCard/34, FireWire, codes provided by API function calls Ethernet, SuperDrive, Mini after execution DisplayPort, LEDs Power Power button, power adaptor N/A port, battery pack Table 2 Mapping of Ports and Interfaces ________________________________________________________________________________________ APPLEFIPS_SECPOL_002.16 © Copyright 2012 Page 10 Roles, Services, and Authentication Section 3.5 Roles Section 3.5.1 The Apple cryptographic module supports two authorized roles: User and Crypto Officer. The User can request access to the module in order to use its cryptographic services. The Crypto Officer can request access to install or remove the module as well as perform power on self tests and check the status of the module. Services Section 3.5.2 Role Service Critical Security Parameter (CSP) Access User Show FIPS Enabled Status Read Show FIPSPerformSelfTest Read Version AES secret key data encryption/ Write, Execute decryption Triple-DES secret key data Write, Execute encryption/decryption RSA/DSA/ECDSA Signature Write, Execute generation and verification Diffie-Hellman public/private Write, Execute key agreement Elliptic Curve Diffie-Hellman Write, Execute public/private key agreement Pseudo Random Number Write, Execute Generation (PRNG) SHS Hashing Write, Execute HMAC SHA-1 Keyed Hashing Write, Execute Crypto Officer Installation Execute Show FIPS Enabled Status Read Show FIPSPerformSelfTest Read Version Show FIPSPerformSelfTest Read Signatures ________________________________________________________________________________________ APPLEFIPS_SECPOL_002.16 © Copyright 2012 Page 11 Show FIPSPerformSelfTest Write, Execute Create Perform Full FIPS Self Test Execute AES secret key data encryption/ Write, Execute decryption Triple-DES secret key data Write, Execute encryption/decryption RSA/DSA/ECDSA Signature Write, Execute generation and verification Diffie-Hellman public/private Write, Execute key agreement Elliptic Curve Diffie-Hellman Write, Execute public/private key agreement Pseudo Random Number Write, Execute Generation (PRNG) SHS Hashing Write, Execute HMAC SHA-1 Keyed Hashing Write, Execute Table 3 Roles and Services Authentication Section 3.5.3 Within the constraints of FIPS 140-2 Level 1, the module does not implement an authentication mechanism for operator authentication. The module relies upon the operating system, which lies outside the logical boundary, for operator authentication. Physical Security Section 3.6 Physical Security is not required for the software module. The FIPS software was tested on a 15- inch MacBook Pro laptop computer with an Intel microprocessor running at a clock speed of 2.93 GHz. The computer is made from production grade components and includes a lightweight aluminum alloy production grade enclosure. Operational Environment Section 3.7 The software module runs on OS X Lion in single operator mode of operation. When the Mac operating system loads the module into memory, the FIPSPerformSelfTest runs code signing (RSA Signature) validations on all components of the module with the exception of HMAC- SHA1 validation on the PRNG, which will ensure a full cryptographic verification of the module. Loading will only continue if the module passes these checks. A number of other self- tests are also run at this time. The complete list of self-tests are listed in section 3.10. ________________________________________________________________________________________ APPLEFIPS_SECPOL_002.16 © Copyright 2012 Page 12 Cryptographic Key Management Section 3.8 The module provides the capability to use cryptographic keys with several algorithms. The implemented FIPS-approved algorithms include AES, Triple-DES, RSA/DSA/ECDSA, SHA-1/224/256/384/512, HMAC SHA-1, and FIPS 186-2 PRNG. Key Generation Section 3.8.1 This module implements the FIPS Approved FIPS 186-2 PRNG to generate keys and uses those keys directly without further modification. Key Establishment Section 3.8.2 The module uses Diffie-Hellman and Elliptic Curve Diffie-Hellman key agreement for key establishment. Methodologies providing a minimum of 80 bits of encryption strength are allowed in the FIPS mode of operation. Encryption strength is determined in accordance with FIPS 140-2 Implementation Guidance 7.5 and NIST Special Publication 800-57 (Part 1). Key Entry and Output Section 3.8.3 All keys are imported from, or output to, the invoking program running on the same computer. All keys entered into the module are electronically entered in plain text form. Keys are output from the module in plain text form. Key Storage Section 3.8.4 Keys stored in memory are stored in plaintext. Key Zeroization Section 3.8.5 All keys can be zeroized by overwriting them, deleting them, or by rebooting the computer. All Input keys are passed into the module as a read-only constant and the Output keys are written by the module directly to the memory location provided by the calling application. The calling application owns the memory and has direct ability to zeroize those keys by overwriting them when requesting new keys from the module to replace existing keys in memory owned by the calling application, deleting them by issuing a zeroization command within the calling application, or the system can be rebooted to clear all keys in memory. ________________________________________________________________________________________ APPLEFIPS_SECPOL_002.16 © Copyright 2012 Page 13 List of Keys and CSP Section 3.8.6 CSPs CSPs type Generation Storage Use AES keys Symmetric secret Internal via FIPS Plaintext2 Data encryption/ keys 186-2 PRNG decryption Triple-DES keys Symmetric secret Internal via FIPS Plaintext2 Data encryption/ keys 186-2 PRNG decryption RSA/DSA/ Asymmetric Internal via FIPS Plaintext2 Signing and ECDSA Key Pairs private and public 186-2 PRNG Verification key pairs RSA Key Pairs Asymmetric External Plaintext2 Signing and private and public Verification key pairs Diffie-Hellman Diffie-Hellman Internal via FIPS Plaintext2 Key agreement and Eliptic Curve and Eliptic Curve 186-2 PRNG Diffie-Hellman Diffie-Hellman key pairs private and public key pairs RSA Key Pairs 1 Key wrapping keyInternal via FIPS Plaintext2 Key wrapping 186-2 PRNG HMAC key Triple-DES key Internal via FIPS Plaintext2 Message 186-2 PRNG authentication FIPS 186-2 PRNG Secret key values Internal – by Plaintext2 Pseudo-random seed keys gathering entropy number generator for keys Note 1: Internally generated RSA keys must never be used in a FIPS Approved mode of operation for signature generation and verification and for RSA key wrapping. Note 2: Keys stored in memory are stored in plaintext. Table 4 List of Keys and CSP EMI/EMC Section 3.9 The module is designed to meet security level 1 requirements for EMI/EMC. The module was tested and found compliant with requirements for a Class B digital device. ________________________________________________________________________________________ APPLEFIPS_SECPOL_002.16 © Copyright 2012 Page 14 Self-Tests Section 3.10 The module performs a set of self-tests to ensure proper operation in compliance with FIPS 140-2. These self-tests are run during power-on (power-on self-tests) or when certain conditions are met (conditional self-tests). Self tests are performed for the approved security functions and algorithms as required. Power-On Self-Tests Software Integrity Test (RSA and HMAC-SHA1) RNG KAT AES KAT Triple-DES KAT RSA SHA-1 KAT RSA SHA-224 KAT RSA SHA-256 KAT RSA SHA-384 KAT RSA SHA-512 KAT DSA Pairwise Consistency Test (DSA Key GEN/DSA SIG GEN/DSA SIG VER) ECDSA Pairwise Consistency Test (ECDSA KEYGEN/ECDSA SIG GEN/ECDSA SIG VER) SHA-1 KAT SHA-224 KAT SHA-256 KAT SHA-384 KAT SHA-512 KAT HMAC SHA-1 KAT Conditional Self-Tests CRNG Tests DSA Pairwise Consistency Test ECDSA Pairwise Consistency Test ________________________________________________________________________________________ APPLEFIPS_SECPOL_002.16 © Copyright 2012 Page 15 Design Assurance Section 3.11 Apple manages and records source code and associated documentation files. Apple implements a system for document and source code management compliant with FIPS 140-2 Level 1 security. The Apple module hardware data, which includes descriptions, parts data, part types, bills of materials, manufacturers, changes, history, and hardware documentation are managed and recorded. Additionally, configuration management is provided for the module’s FIPS documentation. Document management utilities provide access control, versioning, and logging. Mitigation of Other Attacks Section 3.12 The module does not use other security mechanisms to mitigate against specific attacks. ________________________________________________________________________________________ APPLEFIPS_SECPOL_002.16 © Copyright 2012 Page 16 Section 4 Secure Operation Security Functions Section 4.1 The module meets Level 1 requirements for FIPS 140-2. The Apple cryptographic module supports the following approved and non-approved security functions. Certificate Service Algorithm Standard Mode/Key Size/Description Number Asymmetric Key PKCS#1 v1.5: SigGen; SigVer; 1024, 1536, 2048, 3072, 4096; RSA PKCS#1 v1.5 952 SHA-1, SHA-224, SHA-256, SHA-384, SHA-512 KeyGen; SigGen; SigVer: ECDSA ANSI X9.62 262 Curves(P-192 P-256 P-384 P-521) FIPS186-2: KeyGen Mod(1024); DSA FIPS 186-2 SigGen Mod(1024); SigVer 585 Mod(1024) Symmetric Key ECB(e/d; 128,192,256); CBC(e/d; AES FIPS 197 1872 128,192,256) FIPS 46-3, SP TECB(e/d; KO 1,2); TCBC(e/d; Triple-DES 1216 800-67 KO 1,2) PRNGs FIPS186-2 PRNG FIPS 186-2 FIPS 186-2: x-Original; SHA-1 981 Hashes SHA-1 FIPS 180-2 Byte orienting hashing 1645 SHA-224 FIPS 180-2 Byte orienting hashing 1645 SHA-256 FIPS 180-2 Byte orienting hashing 1645 SHA-384 FIPS 180-2 Byte orienting hashing 1645 SHA-512 FIPS 180-2 Byte orienting hashing 1645 Keyed-Hashes HMAC SHA-1 FIPS 198 1116 Table 5 Approved FIPS 140-2 Security Functions ________________________________________________________________________________________ APPLEFIPS_SECPOL_002.16 © Copyright 2012 Page 17 Service Algorithm Standard Mode of Operation Ciphers DES ECB, CBC Blowfish ECB, CBC CAST ECB, CBC ASC RC2 ECB, CBC RC4 ECB, CBC RC5 ECB, CBC Asymmetric Key RSA (key wrapping; key establishment methodology provides between 80 and RSA Encrypt/Decrypt 128 bits of encryption strength; non- compliant less than 80 bits of encryption strength) RSA Key Generation PKCS#1 RSA (key generation) Diffie-Hellman (key agreement; key establishment methodology provides Diffie-Hellman ANSI X9.42 between 80 and 112 bits of encryption strength; non-compliant less than 80- bits of encryption strength) EC Diffie-Hellman (key agreement; Elliptic Curve Diffie- key establishment methodology ANSI X9.63 Hellman provides between 80 and 256 bits of encryption strength). FEE Hashes MD2 MD5 Keyed- Hashes HMAC MD5 Table 6 Non-Approved FIPS 140-2 Security Functions ________________________________________________________________________________________ APPLEFIPS_SECPOL_002.16 © Copyright 2012 Page 18 Crypto Officer Guidance Section 4.2 The Crypto Officer must operate the module in a manner consistent with the guidance provided within the “Role Guide: Crypto Officer” document. The secure operation procedures include the initial setup, configuring the module in a FIPS compliant manner, and keeping the module in a FIPS-approved mode of operation. User Guidance Section 4.3 The User must operate the module in a manner consistent with the guidance provided within the Apple Support document “How to set up and maintain a FIPS-enabled system” to make sure that only approved security functions are allowed in the FIPS approved mode of operation. Only the services listed in Table 3 should be used if a FIPS approved mode of operation is to be maintained. All security functions listed in Table 5 can be used in the FIPS approved mode of operation. Although outside the boundary of the module, the User should be careful not to provide cryptographic keys or other critical security parameters (CSPs) to other unauthorized parties. In addition to the security functions listed in Table 5, both Diffie-Hellman and Elliptic Curve Diffie-Hellman for key agreement listed in Table 6 are also allowed in the FIPS approved mode of operation. No other non-approved security function should be used. Key establishment methodologies provide a minimum of 80 bits of encryption strength. Encryption strength is determined in accordance with FIPS 140-2 Implementation Guidance 7.5 and NIST Special Publication 800-57 (Part 1). The User can verify the Apple FIPS Cryptographic Module status by running the FIPSPerformSelfTest status command in the Terminal application. The User can verify the Apple FIPS Cryptographic Module version by running the FIPSPerformSelfTest version command in the Terminal application. More information is available about the module on the Apple Support website http://www.apple.com/support/.and searching for FIPS. ________________________________________________________________________________________ APPLEFIPS_SECPOL_002.16 © Copyright 2012 Page 19 Section 5 Glossary and References Glossary Section 5.1 API Application Programming Interface BSD Berkeley Software Distribution CBC Cipher Block Chaining CDSA Common Data Security Architecture CMVP Cryptographic Module Validation Program CRC Cyclical Redundancy Check CSP Critical Security Parameter CSSM Common Security Services Manager EDC Error Detection Code EMC Electromagnetic Compatibility EMI Electromagnetic Interference FCC Federal Communication Commission FIPS Federal Information Processing Standard KAT Known Answer Test LED Light Emitting Diode MAC Message Authentication Code NIST National Institute of Standards and Technology PRNG Pseudo Random Number Generator RAM Random Access Memory SHA Secure Hash Algorithm ________________________________________________________________________________________ APPLEFIPS_SECPOL_002.16 © Copyright 2012 Page 20 References Section 5.2 This document deals only with operations and capabilities of the module in the technical terms of a FIPS 140-2 cryptographic module security policy. More information is available about the module on the Apple Support website http://www.apple.com/support/.and searching for FIPS. To get the latest updates on Apple’s security services and for pointers to other Apple security resources, go to the ADC technology page for security at http://developer.apple.com/security/. CDSA, included as part of OS X Lion, is an Open Source standard by the Open Group (http:// www.opengroup.org/security/cdsa.htm). For an introduction to CDSA, see CDSA Explained, second edition, from the Open Group. The CDSA/CSSM technical standard is Common Security: CDSA and CSSM, version 2 (with corrigenda), also from the Open Group. Information on the full line of products from Apple can be found at (http://www.apple.com/mac). Information on FIPS 140-2 validations and the Cryptographic Module Validation Program can be found at (http://csrc.nist.gov/groups/STM/cmvp/). The website also contains contact information for answers to technical or sales-related questions regarding the Cryptographic Module Validation Program. ________________________________________________________________________________________ APPLEFIPS_SECPOL_002.16 © Copyright 2012 Page 21