BlackBerry 10 receives FIPS Security Certification before official release

BlackBerry 10 receives FIPS Security Certification before official release
By Bla1ze on 8 Nov 2012 01:58 am EST

After having recently announced their milestone point of entering carrier lab testing, RIM has now announced that BlackBerry 10 has recieved FIPS security certifcation ahead of its consumer launch. So what does that mean for BlackBerry 10 and RIM?

“Achieving FIPS 140-2 certification means that BlackBerry 10 is ready to meet the strict security requirements of government agencies and enterprises at launch,” said Michael K. Brown, Vice President, Security Product Management and Research at RIM.

“What differentiates BlackBerry is that it integrates end-to-end security, and includes certified encryption algorithms for data at rest and data in transit. No other mobile solution has achieved the level of security accreditation that the BlackBerry solution has.”

For RIM, this a huge step as it helps solidify their reputation as being a secure platform and enables them to remain highly competitive in the government, enterprise and consumer sectors. If you're looking for the full press release, you'll find it down below for your viewing pleasure.

BlackBerry 10 Receives FIPS Security Certification Ahead of Launch

Waterloo, ON – Research In Motion (RIM) (NASDAQ: RIMM, TSX: RIM) today announced that the BlackBerry® 10 platform is now FIPS 140-2 certified. The certification will enable government agencies to deploy BlackBerry® 10 smartphones and BlackBerry® Enterprise Service 10, RIM’s new mobile enterprise management solution, from the day of launch. This is the first time BlackBerry products have been FIPS certified ahead of launch.

FIPS (Federal Information Processing Standard) certification provides confidence to security-conscious organizations, including U.S. and Canadian government agencies, companies in regulated industries and other organizations dealing with sensitive information, that data stored on smartphones running BlackBerry 10 can be properly secured and encrypted.

“Achieving FIPS 140-2 certification means that BlackBerry 10 is ready to meet the strict security requirements of government agencies and enterprises at launch,” said Michael K. Brown, Vice President, Security Product Management and Research at RIM. “What differentiates BlackBerry is that it integrates end-to-end security, and includes certified encryption algorithms for data at rest and data in transit. No other mobile solution has achieved the level of security accreditation that the BlackBerry solution has.”

FIPS 140 is issued by the National Institute of Standards and Technology (NIST) to coordinate the requirements and standards for certifying cryptographic modules. The standard was developed through the Cryptographic Module Validation Program (CMVP), which certifies products for use by U.S. government agencies and regulated industries that collect, store, transfer, share and disseminate sensitive information. Product certifications under the CMVP are performed in accordance with the requirements of FIPS 140-2. It is supported by the Communications Security Establishment (CSE) for the Canadian government.

"IDC expects the mobile enterprise security market to experience a high rate of growth from 2012 to 2016,” said Stacy Crook, Program Manager for Mobile Enterprise research at IDC. “Maintaining the BlackBerry solution's reputation for security while introducing an enhanced user experience gives BlackBerry 10 the opportunity to be a highly competitive platform in the government, enterprise and consumer sectors.”

BlackBerry products and solutions are protected by best-in-class AES 256-bit encryption, a highly secure, internationally recognized data protection standard. In addition to FIPS certifications, BlackBerry products have continuously passed rigorous security assessments from a variety of other independent organizations around the world. The BlackBerry® Enterprise Solution is the first mobile platform to achieve Common Criteria Certification, a standard recognized by 26 countries, as well as the first to receive approval through the CESG Assisted Product Scheme (CAPS), the National Technical Authority for Information Assurance in the United Kingdom. BlackBerry® 7 smartphones meet Common Criteria security assurance level EAL 4+. The BlackBerry® PlayBook™ is the first FIPS certified tablet for deployment within U.S. federal government agencies and certified for use by the Defence Signals Directorate of the Australian Government.

“Achieving FIPS certification for an entirely new platform in a very short period of time, and before launch, is quite remarkable and a testament to the dedication of our security team,” said David MacFarlane, Director, Security Certifications at RIM.  “BlackBerry 10 will deliver security, a superior user experience, the ability to separately manage corporate and personal data on the same device, and ease of manageability for IT managers in an enterprise or government environment.”

For more information about security and the BlackBerry platform visit

About Research In Motion

Research In Motion (RIM), a global leader in wireless innovation, revolutionized the mobile industry with the introduction of the BlackBerry® solution in 1999. Today, BlackBerry products and services are used by millions of customers around the world to stay connected to the people and content that matter most throughout their day. Founded in 1984 and based in Waterloo, Ontario, RIM operates offices in North America, Europe, Asia Pacific and Latin America. RIM is listed on the NASDAQ Stock Market (NASDAQ: RIMM) and the Toronto Stock Exchange (TSX: RIM). For more information, visit or

Forward-looking statements in this news release are made pursuant to the "safe harbor" provisions of the U.S. Private Securities Litigation Reform Act of 1995 and applicable Canadian securities laws. When used herein, words such as "expect", "anticipate", "estimate",  "may",  "will", "should", "intend," "believe", and similar expressions, are intended to identify forward-looking statements. Forward-looking statements are based on estimates and assumptions made by RIM in light of its experience and its perception of historical trends, current conditions and expected future developments, as well as other factors that RIM believes are appropriate in the circumstances. Many factors could cause RIM's actual results, performance or achievements to differ materially from those expressed or implied by the forward-looking statements, including those described in the "Risk Factors" section of RIM's Annual Information Form, which is included in its Annual Report on Form 40-F (copies of which filings may be obtained at or These factors should be considered carefully, and readers should not place undue reliance on RIM's forward-looking statements. RIM has no intention and undertakes no obligation to update or revise any forward-looking statements, whether as a result of new information, future events or otherwise, except as required by law.

BlackBerry, RIM, Research In Motion and related trademarks, names and logos are the property of Research In Motion Limited and are registered and/or used in the U.S. and countries around the world.  All other brands, names and marks are the property of their respective owners. RIM is not responsible for any third party products or services.

Reader comments

BlackBerry 10 receives FIPS Security Certification before official release


This alone shows rim have the most secure smartphone on the market, and insures there will be blackberry 10 smartphones sales to many government agencies and not only consumers.

10 x your money on the stock.

Disclosure: I have no positions in any stocks mentioned above, but may initiate a long position in RIMM over the next 12 hours. I wrote this statement, and it expresses my own opinions. I am not receiving compensation for it. I have no business relationship with any company whose stock is mentioned in that statement.

It's good thing but not a big deal..All BB OSs were certified. The interesting thing is that the os is not finalized or released and yet certified.

I don't about that. Seeing how BB10 is a complete new platform than legfacy BB OS I think it's a bigger deal that you make it out to be.

Granted if this was BB 8 it wouldn't be a big deal because it would have been built off of the old OS and therefore have the security aspect already in it(assumption from my non-developing mind).

As for you're interesting point, I agree but then again as much as the consumer market says that the apps have to be in place for the launch, the government and business market will say that this part needs to be in place as well.

Either way, it's another step to changing the smartphone market (after creating it!)... Well done Thors keep it up.

I feel the same way. Then again, I know NOTHING of what is going on inside RIM.

That being said: BB10 to launch January 14th

I think a lot of companies looking at the ease of developing corporate apps and since android and iOS offer that already in-market, this is what pull them that way, HOWEVER, since BB10 will offer that ease of app development as well as military grade security, companies that left WILL give RIM another look. Most companies value their security a lot, but also know the employees help make them what they are today. Its a win win.

RIM is also making a smart move too. Get the phone in the corporate space where they give a BB10 phone to their employees, employees see how good the phones are, they start showing their friends and that becomes another source of FREE marketing.

It is a big deal when you factor in that not a single line of code from BB7 made it into BB10 (according to Thorsten) AND they achieved this certification prior to launch (something that has never been done with a previous BB).

It is great news that they can start to market the phones to the US government and guarantee compliance before launch. Especially given the recent Pentagon call for a MDM solution to handle iOS and Android devices.

I just may be out of the loop, but do you know if iOS and android are certified with something similar? or is it JUST BB?

Those guys aren't even close. There was a post recently on CB that showed how far back the other platforms are and that was comparing to the now "out-going" 15 year old OS.

For this news to come now, RIM is doing things right. Will be interesting to see how the Street responds.

The Crypto code in iOS 5 got its CAVP (algorithm validation), but the system as a whole still does NOT have FIPS.. No Apple product has ever received a FIPS validation as far as I'm aware, even though they've been submitting to the process for over 10 years (starting with their Mac products).. Why? Utter stupidity and some poor architecture on their part.. They keep messing with the crypto code with every release instead of keeping a core algorithm library, so every time they issue an OS update, they've changed something affecting crypto, which means that all the progress made towards getting a FIPS certification on the previous version has to now get thrown out and everything re-submitted, and they start at the bottom of the queue again, so even though they keep submitting for certification, every time they change anything that even remotely affects the crypto code, they have to re-submit and so they never get to the end of the process and actually achieve validation. RIM on the other hand has a very streamlined and rock solid set of crypto libraries which they are very careful to ensure that routine code changes in the rest of the product don't affect the crypto operation, and thus, resubmissions go very quickly for them (it also helps that they submit through Canadian certification labs where the queues are much shorter vs. the US labs that Apple uses, where there are so many other companies submitting for FIPS that it takes them forever (and again, every time they change something that affects the way crypto is used, they go back to the bottom).. It also doesn't help that Apple is not really very interested in catering to the Government and Enterprise space- they make billions on consumer sales and enough corporate users are willing to forgo some security and accept their product as-is, that Apple is probably not very committed to achieving FIPS, if it only nets them millions vs. billions)..

On the other side of the coin, there's Android, and in fact, Samsung actually has a few devices, which, with their customization of Android, have achieved FIPS certification; Samsung in general seems much more committed to device security than Apple- their "SAFE" version of Android which claims to implement over 300 IT Policy controls - not a BlackBerry by any stretch, but it certainly gives an enterprise much more control over the device than Apple does..

LOOOOOOOOLLLLLLLLLLLLL AT 15 pages of a stupid thread. LOOOOOOOOOOOOOOL at BANNING ME 2ce for saying this before it being published. AND FINALLY LOOOOOOOOOOOOOOOOOOOOOL at the competition who, even after years of being in development cannot receive this certification.

BlackBerry PlayBook 32GB & Torch 9810

What thread?

Ah but the competition has netflix, we know how important that is to government.

At the same time that this great news is coming out, another article is getting press everywhere indicating that BB10 is DOA. Why. Is there always so,etc negative news every time there is positive. Bloomberg news wrote it up to sound like his report led to a 9% drop in stock price today.

"Research In Motion Ltd. (RIMM) fell the most since June after Pacific Crest Securities said the company’s new BlackBerry 10 operating system, the linchpin of its comeback plan, may be dead on arrival.
“We believe BB10 is likely to be DOA,” James Faucette, a Pacific Crest analyst in Portland, Oregon, said in a report. He has the equivalent of a sell rating on the shares. “We expect the new OS to be met with a lukewarm response at best and ultimately likely to fail.”!! "

I am still buying mine on release... These analysts can go...

Amazing that James Faucette was able to cause that to happen. Normally they back stuff up with data like a survey or something. Instead, he just gave his own personal subjective opinion.

I have a personal subjective opinion too! If I yell it loud enough, will the stock go up?

BGR posted this same article... with their usual anti-RIM spin. They stated that this comment by Faucette made the stock drop... but nobody considered that the entire market was down yesterday because of the Obama re-election.. not because some analyst was making wild azz predictions about RIM. RIM was merely down $.80. Apple stock was down over $22 and Google stock was down over $14...

As I stated before, if these "analysts" were so smart and insightful, they would be running and leading organizations, making key strategic decisions, controlling, managing and being accountable for business operations rather than taking an external arm chair position dispensing opinions with little validation and accountability.

Analysts are much like 'expert consultants'. They have no shortage of ideas of how to do things, but rarely stay around to be accountable for them when things don't go right.

Hey "James Faucette, a Pacific Crest analyst in Portland, Oregon"....betcha you're an iPhone user? Did your iPhone Map app project a Romney win in Brazil".

Professional sports teams often cut out and hang newspaper articles in their locker rooms that convey negative press expressed about their own teams. They use this as motivation to get their players to step up and respond.

I wonder if RIM is collecting all of these articles and posting them in the offices of their developers? RIM, step up and make it count.

I completely agree with you. Those armchair "experts" making comments like that makes you really wonder. In fact not only makes you wonder why they are not filthy rich managers in top company positions if they know everything like teenagers, but instead need to get thrown a few chewed on bones by daddy Apple to repeat the garbage they tell him to. Or perhaps they don't even get paid for it but blackmailed to spread garbage. Who knows. But man if I was THAT good, I wouldn't be such an umbrella patcher scribbling for some insignificant spam popup page.

I was about to ask a similar question. I seem to remember others thinking this would take months after launch. Some people are blinded by love and other by hate.

Sounds good but other vendors such as iOS or Android platform are already being approved to be used in Government agencies...

+1 JOBS also said the PLAYBOOK was DOA because of its screen size. and now we have the CrapPad Mini. Double Standards at their finest

FIPS. Is Certicom Encryption. Certicom ECC Solution is the ONLY Solution for REAL Security.

Certicom Suite B is not just for government use, however. As with other technologies in the past, the U.S. Government has led the way in what it considers adequate for secure communications. Many corporations have sensitive intellectual property online and/or electronically process sensitive information. Suite B algorithms are also appropriate in these types of situations. For applications outside the government and government applications outside the NSA “Field of Use”, Certicom offers the Security Builder Crypto (commercial) and Security Builder GSE (FIPS 140-2 certified) toolkits to enable rapid incorporation of Suite B compliant cryptography.

Certicom is a RIM Company since 2009

Good news. This is one of the reasons that I love my Blackberry. Now if RIM would give us the official realese date for BB10 that would be excelent news. :)

But I read somewhere that BB 10 was vapourware .................... do they Certifiy vapourware these days?

Great news and a big surprise too.


All those jerks who are/were calling Bb10 vaporware should go back to their dark dirty corners.

That is the new buzzword tossed around by Apple and Android fanboys that are scared of the power and potential of QNX/BB10.. "It is vapourware" .. actually, it isn't because it is running on my PlayBook as we speak.. smh

DOA and then FIPS certified less than 24 hours later.

I think BB10 is officially unDEAD! Other OSes have gotten stale or are get boring and repetitive and copied.

The competition can not stop an OS that is unDEAD! Go ZomBB1OS!

/Device agnosticism or bust!

They really mean 'business' considering the measure they're taking to get this platform off the ground.

You can't say that RIM is not working hard enough when you see stuff like this. This is unprecedented for a launch of this kind - Having certification this early.

Goes to show they're not lying down and that what they're good at, they aren't giving up on!

I think this would be a bigger deal if BB10 wasn’t FIPS certified. It shouldn’t come as a surprise to anyone that the company which owns the government market would not bake that into their next operating system. If anything, this tells me that RIMM is closer to having a finished product to launch and that’s good.

What’s more concerning though is what does FIPS mean to the average consumer... it’s just another acronym like SoC or PPI...

I read the research report about BB10 being DOA... I don’t value anything that research analyst have to say especially when it comes to new technology. The one thing to consider though is what is compelling enough about BB10 to get non-blackberry users excited, FIPS, SIPS, DIPS or FLOPS isn’t going to do it. RIMM really needs to start seeding these devices in the hands of the non faithful tech users where they can help build excitement.

The US President rolls w/a blackberry yes, but he also uses an Ipad in his morning debriefs...

this is great and all but still a little confused on the security end. i can control my phones from an admin perspective with a BES which has hundreds of policies i can manipulate. i have seen recent BDS architecture and the policies don't even come close to what the BES offers. this concerns me. i know people that are concerned about the lack of user defined interface on the BDS as well. this is very important from a custom application model. hopefully they get all their eggs in a basket - ready for release in Q1 2003.