Fips publication 1402 is a security standard that is used to accredit cryptographic modules. Fips encryption modules for all use cases by safelogic. Follow these stepbystep instructions to enable fips 1402 compliance. Approved random number generators for fips pub 1402, security requirements for cryptographic modules june 10, 2019 draft information technology laboratory national institute of standards and technology gaithersburg, md 208998930 u.
Safelogic combines software and services to provide fips 1402 validation in 8 weeks. Product security certifications, validations, and guidance. Google cloud platform uses a fips 1402 validated encryption module called boringcrypto certificate 3318 in our production environment. Fips 1402 is a big document centered around hardware. Federal information processing standards are developed by the federal government for use primarily by government agencies and contractors. Mocana applied for and received fips 1402 level 1 validation for its nanocrypto androidproduct compiled for linux on armbased cpus. While saving data in sqllite my custom application will use the certified cryptographic module. The fips 1402 standard is an information technology security approval program for cryptographic modules produced by private sector vendors who seek to have their products certified for use in government departments and regulated industries such as financial and healthcare institutions that collect, store, transfer, share and disseminate. The 1 android device that did actually receive such certification was the dell which was discontinued 1 year prior to receiving the certification. Apple seeks to better ipad, iphone security via fips 1402. Nist cio del brockett gave almost the same statement when contacted.
According to my understanding, fips compliance is compliance at hardware as well as software level. San francisco, ca prweb june 2, 2010 mocana corporation, a company that focuses on securing nonpc connected devices, today announced that it has earned the governments first fips 1402 level one validation for a binary cryptographic module with suite b cryptography running on the android platform. I need to protect the dataatrest with fips certified 1402 level 1 cryptographic module. This document provides a nonproprietary fips 1402 security policy for. There are many questions around security for mobile devices. Upload a mobile app to your account please follow these steps to add a mobile app to your appdome account. Federal information processing standards fips are standards and guidelines that are issued by the united states national institute of standards and technology nist for federal government computer systems. Really there is no fips 1402 certified android or ios devices out there unless they have a custom rom that has that certification. I am working on a securityrelated project and have to make sure it is fips 1402 compliant. Currently there are 2 samsung android devices which are fips compliant, i. Aiming to break into the government market on an enterprise level, apple has submitted three cryptographic modules that are in the modules in process queue for fips 1402 compliance, according to easter.
These terms are not recognized or defined government terms. Even the federal government wont buy apple products that. Fips 1402 compliant android devices android forums at. Securing your android smart phone for federal use is no easy task. Ibm mobilefirst platform foundation provides fips 1402 support for android, ios, and cordova. Fips 1402 validated certification was established to aid in the protection of digitally stored unclassified, yet sensitive, information. Blackberry dynamics api reference fips 1402 compliance easy activation securing cutcopypaste on devices.
The mdx vault encrypts mdxwrapped apps and associated dataatrest on both ios and android devices using fips certified cryptographic modules provided by the openssl. Secure work space on ios and android gets fips 1402 certified. All apple fips 1402 conformance validation certificates are on the cmvp vendor page. Validation can only be performed against a final module release version and formally submitted upon os public release. Select require to enforce encrypting org data with intune app layer encryption on all devices. After the transition period, modules will no longer be tested against the fips 1401 requirements. Nanocrypto is a sophisticated cryptographic engine. Cryptocomply features android fips 1402 validated encryption and has also been fips certified on ios, microsoft windows, mac os x, and linux. Safelogics cryptocomply includes android fips 1402 validated encryption get your own nist validation in 8 weeks.
Fips1402 security for enterprise android development. Android and fips information security stack exchange. As it relates to data at rest encryption, fips 1402 cryptographic modules are often mandated for mobile app security. In this article, we use fips 1402compliant, fips 1402 compliance, and fips 1402compliant mode in the sense that sql server 2012 uses only fips 1402validated instances of algorithms and hashing functions in all instances in which encrypted or hashed data is imported to or exported from sql server 2012. Sharepoint server 2010 does not currently comply with federal information processing standard fips 1402 security requirements for cryptographic modules.
Blackberry has kicked up the security not only on their own devices, but also on android and ios. Several android devices provide fips 1402 validation for complete content encryption on the device. He said nist supports only fips 1402 devices and only blackberrys on its network, but employees can access email through other nonrim phones. Safelogics cryptocomply, a fips 140 validated crypto module, makes integration a snap and provides instant nist compliance. For the full xenmobile fips 1402 compliance statement, including the specific modules used in each case, contact your citrix representative. Yes, ibm has one ibm java jce 1402 cryptographic module you may want to look at the. Android supports the kill command, but not encryption. The nist website gives an overview of the fips 1402 validation process, as well as the status of modules in process. Use the following commands to build and install the openssl fips object module and openssl fips capable library. The terms fips 1402 compliant, fips 1402 compliance, and fips 1402compliant mode are defined here for use and clarity. Protecting sensitive government data on mobile devices. How to enable fips 1402 compliance in fused applications.
The sub rosa pro license will work with any reader that appears as a ccid device, such as the thursby readers. Sub rosa pro is fips 1402 validated and approved under disas dod mobile app store. Using fips 1402 cryptographic modules in a mobile app. Contact your verizon business specialist for a list of fips 1402 certified android devices. Instructions for using sql server 2012 in the fips 1402. Multiapp part of a secure android app ecosystem leveraging the pkard toolkit for android. The federal information processing standard 1402 is a u.
It seems like it should be a relatively straightforward concept. Is the knox platform certified by the us government. Fips compliance for my android project stack overflow. Fips 1402 defines security standards which the united states and canadian governments use to validate security levels for products that implement cryptography. Issued by the national institute of standards and technology nist, the federal information processing standard fips is a us security standard that helps ensure companies that collect, store, transfer, share, and disseminate sensitive but unclassified sbu information and controlled unclassified information cui. Department of commerce penny pritzker, secretary national institute of standards and technology. Our dropin replacement options for openssl and bouncy castle make integration a snap, and if youre currently using a proprietary module, we can help you make a smooth. Using fips 1402 cryptographic modules in a mobile app appdome. This federal information processing standard 1402 specifies the security requirements that will be satisfied by a cryptographic module, providing four increasing, qualitative levels. Home forums android discussion android development fips 1402 security for enterprise discussion in android development started by c308682, may 5, 2010.
Theyve announced today that secure work space for ios and android is now federal information processing standard fips 1402 certified. Fips 1402, security requirements for cryptographic. Samsung galaxy devices on android 9 assurance continuity samsung. There are two clone validations known as alternative scenario 1a validations, also referred to as rebrand validations by some test labs were obtained for the same module.
Apple actively engages in the validation of the corecrypto and corecrypto kernel modules for each major release of ios. Skype for business server and microsoft exchange server 2016 operate with support for federal information processing standard fips 1402 algorithms if the windows server operating systems are configured to use the fips 1402 algorithms for system cryptography. Made and supported in the usa by specialists from arlington, texas. There are no android, apple or blackberry devices listed that are fips 1402 level 2 certified, but the blackberry 10 secure work space module and samsung knox workspace, which separate personal.
I read that blackberrys secure work space for ios and android received fips 1402 certification. What does fips 1402 level 2 certified mean for security. This article discusses fips 1402 instructions and how to use sql server 2016 in fips 1402compliant mode. Its called fips 1402 certification, and apple has just announced that the cryptographic modules in ios 9 and os x 10. Before you can answer this question it is helpful to understand what is meant by fips.
Secure work space on ios and android gets fips 1402. How to meet fips 1402 by building source code for android. After the transition period, all previous validations against fips 1401. Android app protection policy settings microsoft intune. Encryption for skype for business server skype for. Koolspan secures android with fips 1402 validation. This was needed in order to avoid clashes with android s version of bouncy castle as well as clashes for applications that might be using spongy castle and not requiring fips 1402 certified services. Fips 1402 compliance for mobile apps applies to multiple solutions involving mobile apps. Some models of android devices have been certified as meeting this standard. Testing of cryptographic modules against fips 1402 will end on september 22, 2021. The fips 1402 release for android is now called stripy castle and is packaged under org. Fips 1402 nonproprietary security policy okta cryptographic. Redcom secure client for android receives fips 1402.
Can fips 1402 certification improve enterprise mobile security. Reliable, productive and secure the verizon android. Two of the most demanding sets of standards are common criteria and fips 1402, and samsung has achieved validation with many of its devices through each of these certification programs. A federal processing standard that certifies that devices meet certain federal requirements for device security. Safelogics cryptocomply encryption modules are available for ios, android, linux, windows, and mac os x, as well as other platforms. Many government agencies require that data at rest encryption for mobile apps operates with fips 1402 cryptographic modules. Fips 1402 is a huge certification when it comes to government spaces, and now security conscious organizations in us and canada can safely. We are working on android l application that is intended to use fips 1402 validated cryptography. If you dont have an appdome account, click here to create an account. Suitable for windows systems, with easy to use interface in 22 different languages. The browser also acts as an authentication agent, smoothly coordinating reader and card access to an optional secure app ecosystem.