Smart Card Utility: More Information
Configuring Smart Card Authentication
Configure macOS for smart card-only authentication
https://support.apple.com/en-us/HT208372
macOS Slot Requirements
Usage | Slot | PIN Required | Required for macOS |
PIV Authentication | 9A | Once | Yes |
Digital Signature | 9C | Always | Recommended |
Key Management (KMK) | 9D | Once | Yes |
Card Authentication | 9E | Never | No |
Retired Key Management | 82-95 | Once | No |
Retired Key Management | 8A-8F | Once | No |
PIV Secure Messaging | 4 | Always | No |
Man pages
man SmartCardServices
man sc_auth
man fdesetup
Presentations
Working with Smart Cards: macOS and Security
Slack
Logging
Turn on debug logging
sudo defaults write /Library/Preferences/com.apple.security.smartcard Logging -bool yes
View log as events happen
log stream --predicate '(subsystem == "com.apple.CryptoTokenKit") && (category == "APDULog")'
Product security certifications, validations, and guidance
Homeland Security Presidential Directive 12
Policy for a Common Identification Standard for Federal Employees and Contractors
HSPD-12: https://www.dhs.gov/homeland-security-presidential-directive-12
NASA SmartCard Services
NASA SmartCard Services Deployment Whitepaper (requires US Government email/PIV to access)
Developer Info
Compliance
NIAP
CSFC
https://www.nsa.gov/ia/programs/csfc_program/component_list.shtml
DSC
https://www.commoncriteriaportal.org/communities/CCDB_DSC_ESR_v1.2.pdf
Configuration Profile Reference