Attention A T users. To access the menus on this page please perform the following steps. 1. Please switch auto forms mode to off. 2. Hit enter to expand a main menu option (Health, Benefits, etc). 3. To enter and activate the submenu links, hit the down arrow. You will now be able to tab or arrow up or down through the submenu options to access/activate the submenu links.

VA Technical Reference Model v 18.11

macOS Technology

General InformationGeneral Information help

Technologies must be operated and maintained in accordance with Federal and Department security and privacy policies and guidelines. More information on the proper use of the TRM can be found on the TRM Proper Use Tab/Section.

Website: Go to site
Description: macOS, previously OS X, is a Unix-based graphical interface operating system (OS) developed, marketed, and sold by Apple Inc. macOS`s core is a Portable Operating System Interface (POSIX) compliant Operating System (OS) built on the XNU kernel, with standard Unix utilities available from the command line interface. It is designed to run exclusively on Mac computer hardware.

Note: XNU is the computer operating system kernel developed at Apple Inc. since December 1996 for use in the macOS operating system and released as free and open source software as part of the Darwin operating system. XNU is an acronym for X is Not Unix.
Technology/Standard Usage Requirements: Users must ensure their use of this technology/standard is consistent with VA policies and standards, including, but not limited to, VA Handbooks 6102 and 6500; VA Directives 6004, 6513, and 6517; and National Institute of Standards and Technology (NIST) standards, including Federal Information Processing Standards (FIPS). Users must ensure sensitive data is properly protected in compliance with all VA regulations. Prior to use of this technology, users should check with their supervisor, Information Security Officer (ISO), Facility Chief Information Officer (CIO), or local Office of Information and Technology (OI&T) representative to ensure that all actions are consistent with current VA policies and procedures prior to implementation.
Section 508 Information: This technology has not been assessed by the Section 508 Office. The Implementer of this technology has the responsibility to ensure the version deployed is 508-compliant. Section 508 compliance may be reviewed by the Section 508 Office and appropriate remedial action required if necessary. For additional information or assistance regarding Section 508, please contact the Section 508 Office at
Decision: View Decisions
Decision Constraints: Due to National Institute of Standards and Technology (NIST) identified security vulnerabilities, extra vigilance should be applied to ensure the versions remain properly patched to mitigate known and future vulnerabilities. The local ISO can provide assistance in reviewing the NIST vulnerabilities.

Use of this technology is only permitted when deployed using the organization`s gold image and managed by the Mac standardization project.

Version 10.13 currently being evaluated, reviewed, and tested in controlled environments. Use of this technology is strictly controlled and not available for use within the general population. Contact your local CIO office if more information is needed in regards to the use of this technology.

When establishing a password for the FileVault 2, ensure that all of the VA password requirements are met with regard to length and complexity. VA Handbook 6500 Control IA-5: Authenticator Management sets a standard of at least 8 non-blank characters. They must contain characters from three (3) of the following (4) categories:
English upper case characters
English lower case characters
Base-10 digits
Non-alphanumeric special characters
Six of the characters must not occur more than once in the password.

The lack of support for MFA and the reuse of OS authentication is a concern in FileVault 2. It is essential at VA to use two-factor authentication (2FA) and not duplicate OS credentials when authenticating users before system boot. Commercial add-on products must be investigated and tested for coupling with FileVault 2 to achieve MFA/2FA.

Since recovery keys are essentially passwords that the system generates for the user, the user will need to find a way to secure the recovery key for later retrieval if necessary. Successful implementation of FileVault 2 relies on impeccable password protection. VA must consistently conduct awareness programs emphasizing techniques to store/escrow passwords and recovery keys.

Thoroughly test centralized management and configuration third-party add-on pairings that must be used to scale FileVault 2 implementation from its intended personal use to an enterprise solution.

Care must be exercised to use the latest version of FileVault 2 and not to inadvertently implement Legacy FileVault by mistake. FileVault 2 must remain patched and operated in accordance with Federal and Department security and privacy policies and guidelines.

Decision Source: TRM Mgmt Group
Decision Process: One-VA TRM v18.9
Decision Date: 09/10/2018
Aliases: Mac OS X, OS X
Introduced By: TRM Request
Vendor Name: Apple
- The information contained on this page is accurate as of the Decision Date (09/10/2018).