Apple has contracted an independent lab to conduct a Common Criteria Evaluation on Mac OS X and Mac OS X Server. Science Applications International Corp. (SAIC) will conduct the tests for Apple at their Common Criteria Testing Laboratory.
SAIC will conduct an evaluation of Mac OS X in accordance with the Common Criteria for Information Technology Security Evaluation (ISO 15408) Evaluation Assurance Level 3 requirements. The operating system will be evaluated against the functional requirements of the Controlled Access Protection Profile.
The Common Criteria is a standard for evaluating the security of IT products. The tests, which take 1-4 years to complete, don’t say which operating system is more secure, but they do set up a basis for determining how secure one product is compared to another.
The tests will document what happens in the operating system when something comes in over the network: what it does, the calls it makes, etc. The tests are not about getting someone to break into the machine, but more about what happens in the OS of the machine.
Under new rules by the U.S. federal government, an operating system vendor must be listed as “in progress” in these tests in order to be used by any government agency.
“This is another example of our commitment to producing what we think are the best products for our customers and trying to ensure a high level of security with these products,” Tom Goguen, Apple’s director of Server Software Product Marketing, told MacCentral.