It is a best practice to make your BlackBerry Dynamics apps compliant with U.S. Federal Information Processing Standards (FIPS) 140-2. The BlackBerry Dynamics SDK distribution contains FIPS canisters and tools.
The BlackBerry UEM administrator enables FIPS compliance using a BlackBerry Dynamics profile (UEM). If enabled, BlackBerry Dynamics apps must start in FIPS-compliant mode. The SDK determines whether a service is running in FIPS mode when the app communicates with the server to receive policies.
FIPS compliance enforces the following constraints:
- The use of MD4 and MD5 is prohibited. As a result, access to NTLM-protected or NTLM2-protected web pages and files is blocked.
- In secure socket key exchanges with ephemeral keys, with servers that are not configured to use Diffie-Hellman keys of sufficient length, BlackBerry Dynamics retries with static RSA cipher suites.
- When you enable FIPS compliance, user certificates must use encryption that meets FIPS standards. If a user tries to import a certificate with encryption that is not compliant, the user receives an error message indicating that the certificate is not allowed and cannot be imported.
- For iOS, when you build for testing with the x86 64-bit simulator, FIPS mode is not enforced. As a result, you might see a difference in behavior with the simulator compared to actual operation. BlackBerry recommends that you always test your app on actual iOS hardware and not rely exclusively on the simulation.
- If you use the SDK dynamic framework, FIPS linking is not required.