BlackBerry 10 Receives FIPS 140-2 Security Certification Ahead of Launch

News

BlackBerry has more third-party security certifications and more government mobile device management experience than any provider of mobile solutions.

BlackBerry® solutions have enabled secure government mobility for over a decade. An important component of this effort has been to continuously invest the time and resources required to achieve and maintain FIPS 140-2 certification.

Today we’re excited to share the news of FIPS 140-2 certification for the upcoming BlackBerry® 10 platform. The certification will enable government agencies to deploy BlackBerry 10 smartphones and BlackBerry® Enterprise Service 10, RIM’s new mobile enterprise management solution, from the day of launch.

What is FIPS 140-2?

FIPS, or “Federal Information Processing Standard” 140-2 is an industry standard developed jointly by the U.S. and Canadian Governments to provide a common certification for the security of encryption modules in technology products. In this blog post, I’ll provide a general overview of FIPS 140-2 and demonstrate how FIPS 140-2 certification of encryption modules used in BlackBerry products is an important piece of the security and certification puzzle.

 

Two programs govern certification for FIPS 140-2: Cryptographic Module Validation Program (CMVP), and the Cryptographic Algorithms Validation Program (CAVP). These programs can evaluate software, hardware, and firmware – or any combination of the three. With the passage of the Federal Information Security Management Act (FISMA) of 2002, all U.S. federal organizations must use FIPS 140-2 certified encryption modules in their technology. Beyond federal organizations, FIPS 140-2 is often seen as a requirement for broader government and law enforcement use, and also provides peace of mind for enterprise customers.

“Achieving FIPS 140-2 certification means that BlackBerry 10 is ready to meet the strict security requirements of government agencies and enterprises at launch. What differentiates BlackBerry is that it is the only mobile solution that integrates end-to-end security, and includes certified encryption algorithms for data at rest and data in transit. No other mobile solution can claim this level of security today or in the near future.”
– Michael K. Brown, RIM Vice President of Security Product Management and Research

FIPS 140-2 ensures and verifies that encryption within a module is implemented correctly. Vendors can choose to register a particular module or multiple modules within the product for FIPS 140-2 certification. For BlackBerry smartphones running the BlackBerry operating system (OS) up to and including version 7.1, we have achieved FIPS certification for the BlackBerry Cryptographic Kernel module that resides in the OS. The BlackBerry 10 platform (as well as the current BlackBerry® PlayBook™ tablet) makes use of the FIPS-certified BlackBerry OS Cryptographic Library module. All of the encryption algorithms used in BlackBerry 10 meet CAVP requirements.

You might have noticed that we’ve so far discussed encryption within (often specific) modules and not an entire device or platform. In order to validate the security of the entire BlackBerry 10 platform, we augment our security assurance by performing other tests and gaining additional certifications. Many evaluation bodies, like Common Criteria (ISO 15408), use FIPS 140-2 certified encryption modules as a foundation for a broader product evaluation.

The uniquely secure BlackBerry Cryptographic Library

At RIM, we not only incorporate FIPS 140-2 certified modules into all of our smartphones and tablets, but have also obtained FIPS 140-2 certification for the central BlackBerry Cryptographic Library. The BlackBerry Cryptographic Library is a pre-built DLL (Dynamic-Link Library), which offers cryptographic services for a variety of BlackBerry products including BlackBerry® Desktop Software, BlackBerry® Enterprise Server, BlackBerry® Mobile Fusion, and BlackBerry® Enterprise Service 10. These products are used along with the BlackBerry devices to connect to resources on the enterprise network. Using a model like this allows us to provide a secure end-to-end mobility solution, from the device straight to the enterprise network.

Why does FIPS 140-2 certification matter?

Enterprises today are demanding more from their mobility solutions, including providing workers with access to sensitive enterprise data, behind-the-firewall mobile applications, and a variety of services accessed directly from a smartphone or tablet. With this increased level of access comes an increased level of risk. Our FIPS 140-2 certifications, in conjunction with the multitude of other security accreditations, provide IT managers with assurance that the risks surrounding data at rest and data in transit can be adequately managed using BlackBerry products. RIM introduced the first smartphone with a FIPS approved module to the mobile market, and since its inception, no other mobile solution has been awarded the same level and quantity of security accreditations granted to BlackBerry products.

 

As you can see, FIPS 140-2 provides security-conscious organizations with the peace of mind to continue forward with mobility and to realize the benefits of mobile solutions without having to worry about compromising the security of communications. FIPS 140-2 is an important certification for the BlackBerry solution, but it is only one piece of our certification portfolio. We have more third-party security certifications and more government mobile device management experience than any provider of mobile solutions. This is why the BlackBerry solution is considered the gold standard in the enterprise, small business, and government.

(As of February 2015, BlackBerry holds 70+ security certifications and approvals from governments.)

Security beyond mobile devices

While it’s important that mobile devices in your work environment are certified as secure against wider standards, device certification is only one piece of the security puzzle for an organization. The solution used to manage these mobile devices and the communication, transfer of data, and access controls also need to be verified as secure. This is why we’re developing the upcoming BlackBerry Enterprise Service 10 as the next-generation secure enterprise mobility management platform. The BlackBerry Cryptographic Library and the BlackBerry Cryptographic Java Modules that are used in BlackBerry Enterprise Service 10 have also achieved FIPS 140-2 certification. We firmly believe that BlackBerry Enterprise Service 10 and the BlackBerry 10 platform represent the most secure and functionally holistic mobile solution for enterprise and government.

For more information about the security of corporate data on BlackBerry 10 devices, check out our article on BlackBerry® Balance™.

Does your business use BlackBerry solutions out of concern for security in mobility? Share in the comments below.

Join the conversation

Show comments Hide comments
+ -
  • http://www.governmentfountain.us/rim-blackberry-10-gets-government-security-clearance-informationweek/ RIM BlackBerry 10 Gets Government Security Clearance – InformationWeek | Government Fountain

    […] before launch, is quite remarkable and a testament to the dedication of our security team,” said David MacFarlane, security certifications director at RIM. “BlackBerry 10 will deliver security, a superior […]

  • http://www.mobilehey.com/samsung/blackberry-10-launch-celebration-on-january-30-2013-to-detail-first-two-bb10-smartphones/ BlackBerry 10 Launch Celebration On January 30, 2013 To Detail First Two BB10 Smartphones - MobileHey

    […] that units based on the OS had been undergoing lab testing with 50 carriers. The organization also not too long ago announced that its most current OS has achieved FIPS 140-two certification forward of deployment, generating […]

  • http://techmeetsblog.com/blackberry-10-launch-event-on-january-30-2013-to-detail-first-two-bb10-smartphones/ BlackBerry 10 Launch Event On January 30, 2013 To Detail First Two BB10 Smartphones | Tech...Meets...Blog

    […] that devices based on the OS were undergoing lab testing with 50 carriers. The company also recently announced that its latest OS has achieved FIPS 140-2 certification ahead of deployment, making devices using […]

  • http://paybazzar.com/blackberry-10-launch-event-on-january-30-2013-to-detail-first-two-bb10-smartphones/ BlackBerry 10 Launch Event On January 30, 2013 To Detail First Two BB10 Smartphones | Paybazzar

    […] that devices based on the OS were undergoing lab testing with 50 carriers. The company also recently announced that its latest OS has achieved FIPS 140-2 certification ahead of deployment, making devices using […]

  • http://woleademola.wordpress.com/2012/11/12/blackberry-10-launch-event-on-january-30-2013-to-detail-first-two-bb10-smartphones/ BlackBerry 10 Launch Event On January 30, 2013 To Detail First Two BB10 Smartphones | Wole ademola

    […] that devices based on the OS were undergoing lab testing with 50 carriers. The company also recently announced that its latest OS has achieved FIPS 140-2 certification ahead of deployment, making devices using […]

  • http://1v8.net/blackberry-10-launch-event-on-january-30-2013-to-detail-first-two-bb10-smartphones/ BlackBerry 10 Launch Event On January 30, 2013 To Detail First Two BB10 Smartphones | 1v8 NET

    […] that devices based on the OS were undergoing lab testing with 50 carriers. The company also recently announced that its latest OS has achieved FIPS 140-2 certification ahead of deployment, making devices using […]

  • http://serialxp.wordpress.com/2012/11/12/blackberry-10-se-lanzara-el-30-de-enero-del-proximo-ano-con-dos-nuevos-telefonos/ BlackBerry 10 se lanzará el 30 de enero del próximo año con dos nuevos teléfonos | SerialXP

    […] El BB 10 OS empieza a funcionar, y se pondrá en marcha con “un gran catálogo de las aplicaciones líderes de todo el mundo y en todas las categorías” y una certificación FIPS 140-2 (lo que significa que las agencias de gobierno pueden cambiar a BB 10 a distancia y con su cuenta de seguridad). Puedes leer más acerca de FIPS 140-2 durante aquí . […]

  • http://vinsee.com.ua/?p=996 BlackBerry 10 буде запущений 30 січня наступного року з двома новими телефонами | Vinsee

    […] ОС BB 10 стартуватиме разом з “великим каталогом з провідних додатків по всьому світу і у всіх категоріях» і сертифікацію FIPS 140-2 (що означає, що державні установи можуть перейти на BB 10 і розраховувати на безпеку). Ви можете прочитати більше про FIPS 140-2 більш тут . […]

  • http://jatisrono.com/blackberry-10-will-launch-on-jan-30-next-year-with-two-new-phones/ BlackBerry 10 will launch on Jan 30 next year with two new phones | Better Topics

    […] The BB 10 OS will hit the ground running – it will launch with “a large catalog of the leading applications from across the globe and across all categories” and a FIPS 140-2 certification (which means that government agencies can switch to BB 10 right away and count on security). You can read more about FIPS 140-2 over here. […]

  • http://prishlink.com/blackberry-10-will-launch-on-jan-30-next-year-with-two-new-phones/ BlackBerry 10 will launch on Jan 30 next year with two new phones | PrishLink.com

    […] The BB 10 OS will hit the ground running – it will launch with “a large catalog of the leading applications from across the globe and across all categories” and a FIPS 140-2 certification (which means that government agencies can switch to BB 10 right away and count on security). You can read more about FIPS 140-2 over here. […]

  • http://www.techzilla.it/blackberry-10-debuttera-il-30-gennaio-con-2-nuovi-device-47787/ Blackberry 10 debutterà il 30 Gennaio con 2 nuovi device. | Techzilla.it

    […] BB 10 è pronto a debuttare con un buon esercito, infatti ha già un vasto catalogo di app disponibili in tutto il mondo oltre alla certificazione FIPS 140-2, ovvero permette alle agenzie governative o di sicurezza di passare a BlackBerry 10 in quanto “sicuro”. Per approfondire su FIPS 140-2 puoi leggere qui. […]

  • http://www.kuriosear.com/para-el-30-de-enero-del-2013-blackberry-se-iniciara-con-2-nuevos-telefonos/ Para el 30 de enero del 2013 Blackberry se iniciará con 2 nuevos teléfonos | Kuriosear

    […] El BB 10 OS se pondrá en marcha con “un gran catálogo de las aplicaciones líderes de todo el mundo y en todas las categorías” y una certificación FIPS 140-2. Puedes leer más acerca de FIPS 140-2 aquí […]

  • http://blogs.blackberry.com/2012/11/blackberry-10-news-recap/ Lab Entry, FIPS and BlackBerry 10 Launch, Oh My! | Inside BlackBerry

    […] the government side, BlackBerry 10 devices achieved FIPS 140-2 Security Certification. The certification will enable government agencies to deploy BlackBerry 10 smartphones and […]

  • http://toplajmi.com/ad/?p=42 TopLajmi | BlackBerry 10 will launch on Jan 30 next year with two new phones

    […] The BB 10 OS will hit the ground running – it will launch with “a large catalog of the leading applications from across the globe and across all categories” and a FIPS 140-2 certification (which means that government agencies can switch to BB 10 right away and count on security). You can read more about FIPS 140-2 over here. […]

  • http://avalanwireless.wordpress.com/2012/11/28/schoeffel-outdoor-clothing-campaign-with-a-view-fitness-studio/ Schoeffel Outdoor Clothing: Campaign With a View, Fitness Studio … | AvaLAN Wireless

    […] BlackBerry 10 Receives FIPS 140-2 Security Certification Ahead of … BlackBerry has more third-party security certifications and more government mobile device management experience than any provider of mobile solutions. BlackBerry® solutions have enabled secure government mobility for … more info… […]

  • http://bizblog.blackberry.com/2012/12/ice-blackberry-10-pilot-program/ U.S. Immigration and Customs Enforcement (ICE) to Launch BlackBerry 10 Pilot Program in Early 2013 | Inside BlackBerry for Business Blog

    […] addition, the BlackBerry 10 platform has received FIPS 140-2 certification, meeting the criteria for secure encryption set by the U.S. and Canadian Governments. This […]

  • http://bizblog.blackberry.com/2012/12/blackberry-7-1-cesg-approval/ BlackBerry 7.1 OS Receives CESG Approval for UK Government Use | Inside BlackBerry for Business Blog

    […] the heels of our recent announcement of FIPS 140-2 certification for the upcoming BlackBerry 10 platform, our current in-market favorite BlackBerry 7.1 OS has received CESG approval for government use in […]

  • http://blackberryphoneshop.info/2012/12/18/blackberry-7-1-os-receives-cesg-approval-for-uk-government-use/ BlackBerry 7.1 OS Receives CESG Approval for UK Government Use | BlackBerry and Phone Shop

    […] the heels of our recent announcement of FIPS 140-2 certification for the upcoming BlackBerry 10 platform, our current in-market favorite BlackBerry 7.1 OS has received CESG approval for government use in […]

  • http://indeksonline.in/?p=55 BlackBerry 10 will launch on Jan 30 next year with two new phones

    […] The BB 10 OS will hit the ground running – it will launch with “a large catalog of the leading applications from across the globe and across all categories” and a FIPS 140-2 certification (which means that government agencies can switch to BB 10 right away and count on security). You can read more about FIPS 140-2 over here. […]

  • http://bizblog.blackberry.com/2012/12/happy-holidays-from-biz-blog/ Happy Holidays from the Inside BlackBerry For Business Bloggers! | Inside BlackBerry for Business Blog

    […] BlackBerry 10 Receives FIPS 140-2 Security Certification Ahead of Launch […]

  • http://tazicompany.com/blackberry-10-will-launch-on-jan-30-next-year-with-two-new-phones BlackBerry 10 will launch on Jan 30 next year with two new phones | Tazicompany.com

    […] The BB 10 OS will hit the ground running – it will launch with “a large catalog of the leading applications from across the globe and across all categories” and a FIPS 140-2 certification (which means that government agencies can switch to BB 10 right away and count on security). You can read more about FIPS 140-2 over here. […]

  • http://bizblog.blackberry.com/2013/01/blackberry-world-for-work-on-blackberry-10/ BlackBerry Balance and BlackBerry World for Work on BlackBerry 10 | Inside BlackBerry for Business Blog

    […] how the experience allows you to flow seamlessly between work and personal use. Work data is kept safe and secure, without compromising your experience. Regardless of whether you switch to work or personal areas […]

  • http://blackberryphoneshop.info/2013/01/10/blackberry-balance-and-blackberry-world-for-work-on-blackberry-10/ BlackBerry Balance and BlackBerry World for Work on BlackBerry 10 | BlackBerry and Phone Shop

    […] how the experience allows you to flow seamlessly between work and personal use. Work data is kept safe and secure, without compromising your experience. Regardless of whether you switch to work or personal areas […]

  • http://blogs.blackberry.com/2013/01/blackberry-balance-on-blackberry-10/ BlackBerry Balance and BlackBerry World for Work on BlackBerry 10 | Inside BlackBerry

    […] how the experience allows you to flow seamlessly between work and personal use. Work data is kept safe and secure, without compromising your experience. Regardless of whether you switch to work or personal areas […]

  • http://pyete.at/?p=27 Pyete.at » Blog Archive » BlackBerry 10 will launch on Jan 30 next year with two new phones

    […] The BB 10 OS will hit the ground running – it will launch with “a large catalog of the leading applications from across the globe and across all categories” and a FIPS 140-2 certification (which means that government agencies can switch to BB 10 right away and count on security). You can read more about FIPS 140-2 over here. […]

blog comments powered by Disqus