FileVault 2 on Yosemite is now FIPS 140-2 Compliant

Apple announced on Saturday, August 8th that the FIPS 140-2 validations for the cryptographic modules used by iOS 8 and OS X 10.10.x have now been completed. This is significant news for folks who want to use FileVault 2 in government and regulated industries (such as financial and health-care institutions.)

For folks who haven’t heard of it before, FIPS 140-2 is an information technology security accreditation program run jointly by the US and Canadian governments. This program is used by private sector vendors to have their cryptographic modules certified for use in US and Canadian government departments and private industries with regulatory requirements for security.

As part of the announcement, Apple has released KBase articles and guidance for security offices who deal with encryption:

OS X Yosemite: Apple FIPS Cryptographic Modules v5.0 – http://support.apple.com/kb/HT205017

Crypto Officer Role Guide for FIPS 140-2 Compliance OS X Yosemite v10.10 – https://support.apple.com/library/APPLE/APPLECARE_ALLGEOS/HT205017/APPLEFIPS_GUIDE_CO_OSX10.10.pdf

According to Apple, the OS X Yosemite Cryptographic Modules, Apple OS X CoreCrypto Module v5.0 and Apple OS X CoreCrypto Kernel Module v5.0, require no setup or configuration to be in “FIPS Mode” for FIPS 140-2 compliance on devices running OS X Yosemite v10.10.

FileVault 2 is listed as being FIPS 140-2 Compliant as part of the Crypto Officer Role Guide for FIPS 140-2 Compliance OS X Yosemite v10.10 documentation, in the Compliant Applications and Services section.

For more information about the validation certification, please see below the jump.

iOS 8

Module Name: Apple iOS CoreCrypto Module, v5.0
Certificate #2396: http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/1401val2015.htm#2396
Security Policy: http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140sp/140sp2396.pdf

Module Name: Apple iOS CoreCrypto Kernel Module, v5.0
Certificate #2407: http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/1401val2015.htm#2407
Security Policy: http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140sp/140sp2407.pdf

OS X Yosemite v10.10

Module Name: Apple OS X CoreCrypto Module, v5.0
Certificate #2408: http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/1401val2015.htm#2408
Security Policy: http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140sp/140sp2408.pdf

Module Name: Apple OS X CoreCrypto Kernel Module, v5.0
Certificate #2411: http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/1401val2015.htm#2411
Security Policy: http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140sp/140sp2411.pdf