FIPS compliance
It is a best practice to make your BlackBerry Dynamics apps compliant with U.S. Federal Information Processing Standards (FIPS) 140-2. The BlackBerry Dynamics SDK distribution contains FIPS canisters and tools.

The BlackBerry UEM administrator enables FIPS compliance using a BlackBerry Dynamics profile (UEM). If enabled, BlackBerry Dynamics apps must start in FIPS-compliant mode. The SDK determines whether a service is running in FIPS mode when the app communicates with the server to receive policies.

FIPS compliance enforces the following constraints:
- The use of MD4 and MD5 is prohibited. As a result, access to NTLM-protected or NTLM2-protected web pages and files is blocked.
- In secure socket key exchanges with ephemeral keys, with servers that are not configured to use Diffie-Hellman keys of sufficient length, BlackBerry Dynamics retries with static RSA cipher suites.
- When you enable FIPS compliance, user certificates must use encryption that meets FIPS standards. If a user tries to import a certificate with encryption that is not compliant, the user receives an error message indicating that the certificate is not allowed and cannot be imported.
- For iOS, when you build for testing with the x86 64-bit simulator, FIPS mode is not enforced. As a result, you might see a difference in behavior with the simulator compared to actual operation. BlackBerry recommends that you always test your app on actual iOS hardware and not rely exclusively on the simulation.
- If you use the SDK dynamic framework, FIPS linking is not required.
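
Because the MD4/MD5 constraint above blocks NTLM-protected resources, it helps to inventory which of your app's back ends challenge with NTLM before the FIPS setting is enabled. The following is an added example, not BlackBerry code: it classifies `WWW-Authenticate` challenges you have already collected. The host names, sample headers and category labels are constructed for illustration, and the page does not state how the SDK treats endpoints that offer NTLM alongside other schemes, so those are only flagged for review.

```python
import re

# Splits on commas that are outside double-quoted strings.
_COMMA = re.compile(r',(?=(?:[^"]*"[^"]*")*[^"]*$)')
# A part such as realm="x" is an auth-param of the previous challenge.
_PARAM = re.compile(r'[^\s=]+\s*=')


def challenge_schemes(header_values):
    """Return lowercase auth schemes offered across WWW-Authenticate values."""
    schemes = []
    for value in header_values:
        for part in _COMMA.split(value):
            part = part.strip()
            if not part or _PARAM.match(part):
                continue  # empty element or a parameter, not a new challenge
            schemes.append(part.split(None, 1)[0].lower())
    return schemes


def classify(header_values):
    """Label an endpoint by its exposure to the FIPS-mode NTLM block."""
    schemes = set(challenge_schemes(header_values))
    if schemes == {"ntlm"}:
        return "ntlm-only"          # covered by the NTLM constraint
    if "ntlm" in schemes:
        return "ntlm-plus-other"    # review: depends on the other scheme
    if "negotiate" in schemes:
        return "negotiate-review"   # SPNEGO can negotiate NTLM; confirm Kerberos
    return "no-ntlm"


def audit(responses):
    """Map each URL to its classification."""
    return {url: classify(values) for url, values in responses.items()}


# Constructed sample: URL -> list of WWW-Authenticate header values.
SAMPLE = {
    "https://intranet.example/reports": ["NTLM"],
    "https://files.example/share": ["Negotiate", "NTLM"],
    "https://wiki.example/": ['Basic realm="wiki, internal", charset="UTF-8"'],
    "https://sso.example/app": ["Negotiate"],
}

if __name__ == "__main__":
    for url, label in audit(SAMPLE).items():
        print(f"{label:18} {url}")
```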