FIPS compliance

It is a best practice to make your BlackBerry Dynamics apps compliant with U.S. Federal Information Processing Standards (FIPS) 140-2. The BlackBerry Dynamics SDK distribution contains FIPS canisters and tools.

The BlackBerry UEM administrator enables FIPS compliance using a BlackBerry Dynamics profile (UEM). If enabled, BlackBerry Dynamics apps must start in FIPS-compliant mode. The SDK determines whether a service is running in FIPS mode when the app communicates with the server to receive policies.

FIPS compliance enforces the following constraints:
  • The use of MD4 and MD5 is prohibited. As a result, access to NTLM-protected or NTLM2-protected web pages and files is blocked.
  • In secure socket key exchanges with ephemeral keys, with servers that are not configured to use Diffie-Hellman keys of sufficient length, BlackBerry Dynamics retries with static RSA cipher suites.
  • When you enable FIPS compliance, user certificates must use encryption that meets FIPS standards. If a user tries to import a certificate with encryption that is not compliant, the user receives an error message indicating that the certificate is not allowed and cannot be imported.
  • For iOS, when you build for testing with the x86 64-bit simulator, FIPS mode is not enforced. As a result, you might see a difference in behavior with the simulator compared to actual operation. BlackBerry recommends that you always test your app on actual iOS hardware and not rely exclusively on the simulation.
  • If you use the SDK dynamic framework, FIPS linking is not required.
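
Because FIPS mode blocks NTLM-protected resources, it helps to inventory which internal endpoints offer NTLM before the profile is enabled. The following is an added example, not BlackBerry code or part of the SDK: it parses WWW-Authenticate header values and classifies each endpoint. The hostnames, sample headers and function names are constructed for illustration, and how an app behaves when NTLM is offered alongside another scheme is an assumption to verify on a device.

```python
import re

# Constructed sample: WWW-Authenticate values from 401 responses (made-up hosts).
SAMPLE_CHALLENGES = {
    "https://intranet.example/wiki": ["NTLM"],
    "https://files.example/share": ["Negotiate", "NTLM"],
    "https://portal.example/app": ['NTLM, Basic realm="Portal, staff only"'],
    "https://api.example/v1": ['Bearer realm="api", error="invalid_token"'],
}
# An auth-param ("name=value") continues the previous challenge; it is not a scheme.
_PARAM = re.compile(r"^[A-Za-z0-9!#$%&'*+.^_`|~-]+\s*=")

def split_outside_quotes(value):
    """Split a header value on commas that are not inside a quoted-string."""
    parts, buf, in_quotes, escaped = [], [], False, False
    for ch in value:
        if escaped:
            escaped = False
        elif ch == "\\" and in_quotes:
            escaped = True
        elif ch == '"':
            in_quotes = not in_quotes
        elif ch == "," and not in_quotes:
            parts.append("".join(buf).strip())
            buf = []
            continue
        buf.append(ch)
    parts.append("".join(buf).strip())
    return [p for p in parts if p]

def auth_schemes(header_values):
    """Return the lower-cased set of schemes offered across all header values."""
    schemes = set()
    for value in header_values:
        for part in split_outside_quotes(value):
            if not _PARAM.match(part):
                schemes.add(part.split()[0].lower())
    return schemes

def classify(header_values):
    """ntlm-only: blocked in FIPS mode per the list above.
    ntlm-plus-other: fallback behaviour is an assumption to verify on a device."""
    schemes = auth_schemes(header_values)
    if "ntlm" not in schemes:
        return "no-ntlm"
    return "ntlm-only" if schemes == {"ntlm"} else "ntlm-plus-other"

def report(challenges=SAMPLE_CHALLENGES):
    return {url: classify(values) for url, values in challenges.items()}
```

Calling `report()` with header values collected from your own endpoints returns a URL-to-verdict mapping for the rollout review.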