Apple Inc. Apple macOS Catalina 10.15 Common Criteria Configuration Guide September 18, 2020 v1.7 Prepared By: Acumen Security 2400 Research Blvd Suite 395 Rockville, MD, 20850 www.acumensecurity.net Prepared for: Apple Inc. One Apple Park Way MS 927-1CPS Cupertino, CA-95014 www.apple.com © 2020 Apple Inc., All rights reserved. This document may be reproduced and distributed only in its original entirety without revision. 1 Table of Contents 1. Purpose of this document ..................................................................................................................... 5 1.1. TOE Overview ................................................................................................................................. 5 1.2. TOE Description .............................................................................................................................. 5 1.3. Assumptions ................................................................................................................................... 7 1.4. TOE Delivery ................................................................................................................................... 7 2. TOE Self Tests ......................................................................................................................................... 8 2.1. Cryptographic Module Tests .......................................................................................................... 8 2.2. Cryptographic Algorithm Tests ....................................................................................................... 8 2.2. Software/Firmware Integrity Tests ................................................................................................ 9 2.3. Critical Function Tests .................................................................................................................... 9 3. Prerequisites for Installation ................................................................................................................. 9 3.1. Disable Excluded Functionality ....................................................................................................... 9 3.2. TOE Management Functions ........................................................................................................ 11 4. Installation of the Apple macOS Catalina 10.15 .................................................................................. 21 4.1. Clean Installation steps for the TOE ............................................................................................. 22 4.1.1. Install the TOE from Apple website ..................................................................................... 22 4.1.2. Reinstall the TOE .................................................................................................................. 22 5. Check Software Updates ...................................................................................................................... 22 6. Installing Updates ................................................................................................................................ 23 6.1. Installing OS updates .................................................................................................................... 23 6.2. Installing Software Application Updates ...................................................................................... 26 7. TOE Startup Security Utility ................................................................................................................. 28 7.1. Mac startup key combinations: .................................................................................................... 30 7.1.1. If a key combination doesn't work ....................................................................................... 30 8. Configuring TLS .................................................................................................................................... 31 8.1 Configure TOE for TLS Mutual Authentication .................................................................................. 34 9. TOE Cryptographic Operation – Hashing, Encryption and Decryption ................................................ 34 10. Buffer Overflow Protections ................................................................................................................ 35 11. Creating User Accounts ....................................................................................................................... 35 11.1. Locking an Account ...................................................................................................................... 38 11.2. Creating Groups ........................................................................................................................... 39 11.3. Modifying or Deleting Groups ...................................................................................................... 40 11.4. Changing User Passwords ............................................................................................................ 41 12. Password Policy ................................................................................................................................... 42 13. Setting System Date and Time ............................................................................................................. 45 13.1. Change System Date and Time:.................................................................................................... 45 14. Auditing ................................................................................................................................................ 48 14.1. Command Line Programs ............................................................................................................. 50 14.1.1. audit ..................................................................................................................................... 50 14.1.2. auditreduce .......................................................................................................................... 51 14.1.3. praudit .................................................................................................................................. 53 © 2020 Apple Inc., All rights reserved. This document may be reproduced and distributed only in its original entirety without revision. 2 14.1.4. Managing audit log files ....................................................................................................... 53 14.1.5. Deleting audit records.......................................................................................................... 54 14.2. Audit Control Files ........................................................................................................................ 54 14.2.1. audit_class ........................................................................................................................... 54 14.3. audit_control ................................................................................................................................ 55 14.3.1. Audit Flags ............................................................................................................................ 56 14.3.2. Default.................................................................................................................................. 57 14.4. audit_event .................................................................................................................................. 57 14.5. audit_user .................................................................................................................................... 57 14.6. audit_warn ................................................................................................................................... 58 14.7. Audit Log Files .............................................................................................................................. 58 14.8. Configure the address of remote audit server to which to send audit records ........................... 58 15. Reference Identifiers ........................................................................................................................... 59 16. Access Control Policy ........................................................................................................................... 59 17. Warning Banner ................................................................................................................................... 61 18. Authorization Factors .......................................................................................................................... 62 18.1 Smart Card Registration ................................................................................................................... 63 18.2 Smart Card Authentication .............................................................................................................. 65 19. Key Destruction .................................................................................................................................... 66 20. Validation of Cryptographic Elements ................................................................................................. 66 21. Enable Full Disk Encryption .................................................................................................................