Configuring Smart Card Authentication

https://developer.apple.com/documentation/cryptotokenkit/configuring_smart_card_authentication

Configure macOS for smart card-only authentication

https://support.apple.com/en-us/HT208372

macOS Slot Requirements

Usage Slot PIN Required Required for macOS
PIN Authentication 9A Once Yes
Digital Signature 9C Always Recommended
Key Manageement (KMK) 9D Once Yes
Card Authentication 9E Never No
Retired Key Management 82-95 Once No
Retired Key Management 8A-8F Once No
PIV Secure Messaging 4 Always No

Man pages

man SmartCardServices

man sc_auth

man fdesetup

Presentations

Working with Smart Cards: macOS and Security

Slack

Logging

Turn on debug logging
sudo defaults write /Library/Preferences/com.apple.security.smartcard Logging -bool yes
View log as events happen:
log stream --predicate '(subsystem == "com.apple.CryptoTokenKit") && (category == "APDULog")'

Product security certifications, validations, and guidance

Homeland Security Presidential Directive 12: Policy for a Common Identification Standard for Federal Employees and Contractors