Government


How to Buy

Shop for your agency:

Federal Smart pay State and local online stores

Use a GSA schedule

Shop for yourself:

Federal Employees

State and local employees

Government Regulations

Apple products meet several government and authentication regulations.

Security

Apple believes security should be “built in and not bolted on,” we build right into our operating system security tools that have been recognized by common Criteria Certification, FIPS and other. Apple also participates in several consortiums guiding security standards and policies.


Certifications


Common Criteria Certification:

Apple has augmented its commitment to security by becoming Common Criteria Certified for both Mac OS X 10.3 and Mac OS X Server 10.3. Achieving Common Criteria certification, a standard method of evaluating the security capabilities of Information Technology products, demonstrates Apple’s commitment to providing the safest, most user-centered computing experience possible.

Common Criteria, an internationally approved set of security standards, provides a clear and reliable evaluation of the security capabilities of Information Technology products. By providing an independent assessment of a product’s ability to meet security standards, Common Criteria Certification gives customers more confidence in the security of Information Technology products and leads to more informed decisions. Security-conscious customers, such as the U.S. Federal Government, require Common Criteria Certification as a determining factor in purchasing decisions. Since the requirements for certification are clearly established, vendors can target very specific security needs while providing broad product offerings.

See more information about Apple’s Common Criteria Certification.

FIPS 140-2:

Apple is committed to completing FIPS 140-2 Validation. If you or your agency needs specific information relating to Apple’s FIPS Validation, please contact the Apple Federal Security Team.


Authentication


Smart Cards:

HSPD-12 has pushed many federal agencies forward with their Smart Card Projects. Apple has provided Federal Smart Card support since January, 2003. With this directive, Apple is helping Federal customers meet the requirements of HSPD-12 item 3 out-of-the-box, without any additional software to purchase or install.

Mac OS X has built-in support for use with the U.S. Federal Government's Smart Cards which adhere to one of the approved specifications: CAC (Common Access Card), GSCIS (Government Smart Card Interoperability Specification), PIV (Personal ID Verification).

Smart Card Readers:

Mac OS X also supports a wide variety of Smart Card Readers on all Apple systems runnning Mac OS X. These range from the standard USB-based PC-based, as well as USB Dongle-based Smart Card Readers. Those Smart Card Readers with pre-installed driver support include: CCID Class, as well as specific readers from CRYPTOCard, GemPlus, OmniKey, and SCM Microsystems.

There are many different readers that are compatible with Mac OS X. If you have a reader and are either not sure if it is compatible or do not have the necessary driver, please contact the Apple Federal Security Team.

Token-based Authentication

The use of tokens for authentication of users is familiar to many members of the federal IT staff. Mac OS X provides VPN support for the RSA SecureID one-time password tokens.

CRYPTOCard has taken the token support of Mac OS X one step further with their token-based log-in. This means that users can log into systems using a one-time password token. For more information on purchasing a CRYPTOCard, please visit the Apple Federal Online Store.

Biometrics

Mac OS X provides built-in support for user authentication. The most common Biometric device available on Mac OS X is the Sony Puppy Fingerprint ID Device. For more information on purchasing a Sony Puppy, please visit the Apple Federal Online Store.

Encryption


Strong Data Encryption

Filevault, standard with Mac OS X, secures your home directory by encrypting its entire contents using the Advanced Encryption Standard with 128-bit keys. This high-performance algorithm automatically encrypts and decrypts in realtime, so you don’t even know it’s happening. AES gives you 10 to the 38th power possible 128-bit keys.

Secure Erase (DoD 5220-22-M Compliant)

Secure Erase follows the U.S. Department of Defense standard for the sanitization of magnetic media in DoD 5220-22-M: National Industrial Security Program Operating Manual.

Now you can completely erase sensitive files you no longer need. When you delete a file or folder, Secure Erase Trash makes sure that it no longer exists. Traditional file deleting simply removes the file name from the disk directory but leaves the file data in place. Secure Erase Trash immediately overwrites the file according to the seven-pass DoD specification.

Security Auditing


As part of the work done for Common Criteria Certification, Apple delivered the required Security Auditing capabilities required by NISPOM - National Industrial Security Program Operating Manual. These auditing services provide the capturing, reviewing, filtering, and validating of relevant security events that have taken place on the associated system.

Installation of the Common Criteria tools is necessary to complete available auditing components to the system of interest. The Common Criteria Administration Guide provides complete coverage of the auditing services.

Collaboration with other security groups:


Apple works with the formal incident response community to distribute information. Most Apple security notices are distributed by CERT/CC at the same time that they are sent through Apple’s own channels. Apple is a member of the Forum of Incident Response and Security Teams (FIRST), and cooperates with other FIRST members to disseminate security-related information.

Apple also works very closely with the FreeBSD Security team to analyze and release patches for security vulnerabilities.