FIPS 140-2 compliance
BlackBerry Dynamics apps must comply with U.S. Federal Information Processing Standards (FIPS) 140-2. The BlackBerry Dynamics SDK distribution contains FIPS canisters and tools and, by default, enforces FIPS compliance.
There are two components involved in enabling FIPS:
Component | Description |
---|---|
BlackBerry Dynamics app | The app must start in FIPS-compliant mode. The BlackBerry Dynamics SDK determines whether a service is running in FIPS mode when the app communicates with the server to receive policies. All apps must be written for FIPS compliance. |
Policy server (either standalone Good Control or BlackBerry UEM) | For more details on FIPS policies, see Readying your app for deployment: server setup. |
FIPS compliance enforces the following constraints:
- MD4 and MD5 are prohibited. As a result, access to NTLM-protected or NTLM2-protected web pages and files is blocked.
- Wrapped apps are blocked.
- In secure socket key exchanges with ephemeral keys, with servers that are not configured to use Diffie-Hellman keys of sufficient length, BlackBerry Dynamics retries with static RSA cipher suites.
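The MD5 and key-exchange constraints above, applied to a server's TLS configuration as an added Python example (not part of the BlackBerry documentation or SDK), so an administrator can see which servers would push a FIPS-mode client onto static RSA. The 2048-bit threshold, the function names and the sample suite lists are assumptions; only DHE and static RSA suites are modelled.

```python
# Added example (not BlackBerry code): predicts which key exchange a FIPS-mode
# client ends up with, from a server's enabled suites and DH parameter size.
MIN_DH_BITS = 2048  # assumption: the page does not state the required length


def key_exchange(suite):
    """Classify an IANA cipher suite name; only DHE and static RSA are modelled."""
    if suite.startswith("TLS_DHE_"):
        return "dhe"
    if suite.startswith("TLS_RSA_WITH_"):
        return "static-rsa"
    return "other"


def audit_server(suites, dh_bits):
    """Return (outcome, findings) for the server configuration."""
    findings = []
    usable = []
    for suite in suites:
        if suite.endswith("_MD5"):  # MD5 is prohibited under FIPS
            findings.append(f"{suite}: MD5-based suite cannot be negotiated")
        else:
            usable.append(suite)

    kinds = {key_exchange(s) for s in usable}
    if "dhe" in kinds:
        if dh_bits >= MIN_DH_BITS:
            return "ephemeral", findings
        findings.append(f"DH parameters are {dh_bits} bits, need {MIN_DH_BITS}")
    if "static-rsa" in kinds:
        # Static RSA key exchange provides no forward secrecy.
        findings.append("static RSA in use: no forward secrecy")
        outcome = "static-rsa-retry" if "dhe" in kinds else "static-rsa"
        return outcome, findings
    return "no-usable-suite", findings


# Constructed server configurations, for illustration only.
LEGACY = (["TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
           "TLS_RSA_WITH_AES_128_CBC_SHA",
           "TLS_RSA_WITH_RC4_128_MD5"], 1024)
HARDENED = (["TLS_DHE_RSA_WITH_AES_256_GCM_SHA384"], 2048)

if __name__ == "__main__":
    for name, (suites, bits) in (("legacy", LEGACY), ("hardened", HARDENED)):
        outcome, findings = audit_server(suites, bits)
        print(name, outcome, *findings, sep="\n  ")
```

A `static-rsa-retry` outcome marks a server whose sessions lose forward secrecy after the retry; raising the DH parameter size on the server moves it back to `ephemeral`.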
When you enable FIPS compliance, user certificates must use encryption that
meets FIPS standards. If a user tries to import a certificate with encryption that
is not compliant, the user receives an error message indicating that the certificate
is not allowed and cannot be imported.