os_implement_cryptography.yaml

id: os_implement_cryptography
title: Configure the System to Implement Approved Cryptography to Protect Information
discussion: |
  The information system _IS_ configured to implement approved cryptography to protect information.

  Use of weak or untested encryption algorithms undermines the purposes of utilizing encryption to protect data. The operating system must implement cryptographic modules that adhere to the higher standards that have been tested, validated, and approved by the federal government.

  Apple is committed to the FIPS validation process and historically has always submitted and validated the cryptographic modules in macOS. macOS Tahoe for Apple Silicon will be submitted for FIPS validation. macOS Tahoe for Intel based processors will _NOT_ be submitted for FIPS validation.

  link:https://csrc.nist.gov/Projects/cryptographic-module-validation-program/validated-modules[]

  link:https://support.apple.com/guide/sccc/welcome/web[]
check: |
  The technology supports this requirement and cannot be configured to be out of compliance. The technology inherently meets this requirement using FIPS Validated Cryptographic Modules.
fix: |
  The technology inherently meets this requirement. No fix is required.
references:
  cce:
    - CCE-95208-5
  cci:
    - N/A
  800-53r5:
    - SC-13
  800-53r4:
    - SC-13
  disa_stig:
    - N/A
  srg:
    - SRG-OS-000478-GPOS-00223
    - SRG-OS-000033-GPOS-00014
    - SRG-OS-000396-GPOS-00176
  800-171r3:
    - 03.13.11
  cmmc:
    - MP.L2-3.8.6
    - SC.L2-3.13.11
macOS:
  - '26.0'
tags:
  - 800-53r5_low
  - 800-53r5_moderate
  - 800-53r5_high
  - 800-53r4_low
  - 800-53r4_moderate
  - 800-53r4_high
  - 800-171
  - inherent
  - cnssi-1253_low
  - cnssi-1253_high
  - cmmc_lvl2
  - cnssi-1253_moderate
mobileconfig: false
mobileconfig_info: