BlackBerry 10 is FIPS certified in advance of platform's release

Move comes after some U.S. agencies switch from BB to iPhone

After several federal agencies said they will stop using BlackBerry devices and switch to iPhones, Research In Motion took the unusual step today of announcing a tough security certification for BlackBerry 10 in advance of the device's launch next quarter.

This is the first time that a BlackBerry product has been certified as meeting the Federal Information Processing Standard (FIPS) ahead of launch, RIM said in a statement.

The certification means that U.S. government agencies around the globe will be able to deploy BlackBerry 10 smartphones and BlackBerry Enterprise Service 10 from the day of launch, set for sometime in the first quarter, RIM said. FIPS 140-2, in this case, recognizes the AES 256-bit encryption used by BlackBerry devices.

FIPS 140 certification is issued by the National Institute of Standards and Technology, which certifies products for use by U.S. government agencies and regulated industries that handle sensitive information.

The FIPS certification is also supported by the Communications Security Establishment for the Canadian government. And BlackBerry security is also recognized by the Common Criteria Certification, a security clearance used by 26 countries, RIM noted.

"What differentiates BlackBerry is that it integrates end-to-end security and includes security encryption algorithms for data at rest and data in transit," said Michael Brown, vice president of security product management at RIM. "No other mobile solution has achieved the level of security accreditation that the BlackBerry solution has."

U.S. government agencies, including Immigration and Customs Enforcement (ICE), the Bureau of Alcohol, Tobacco, Firearms and Explosives, and the National Oceanic and Atmospheric Administration announced earlier this year that they planned to switch from BlackBerry devices to iPhones for their employees. In the case of ICE, the switch to iPhones affects more than 17,600 users.

While the focus at RIM is on the high level of security in its products, some U.S. government officials have said the iPhone, with a better touchscreen and Web browser, offers greater ease of use for workers than BlackBerry devices do.

In justifying the iPhone purchases, ICE said that Apple also has strict control of the iPhone hardware and operating system and gives the agency the greatest degree of control and management to ensure reliable services to users. ICE also ranked RIM lower than Android and Apple devices on commercial viability and called RIM a laggard in the consumer market.

RIM told recently that it still has 1 million government customers in North America, and about 400,000 of them upgraded their BlackBerry devices in the past year.

Despite the rejection of BlackBerry by some federal agencies, the platform is still seen as the gold standard in security for mobile devices used by enterprise and government workers, according to many analysts. Stacy Crook, an analyst at IDC, said if RIM can maintain its reputation for security while enhancing the user experience, it will give "BlackBerry 10 the opportunity to be a highly competitive platform in the government, enterprise and consumer sectors."

A RIM spokeswoman said the certification announcement was made primarily to reflect an important milestone for BlackBerry 10 and as an indication that it is on track for release in the first quarter of 2013.

Matt Hamblen covers mobile and wireless, smartphones and other handhelds, and wireless networking for Computerworld. Follow Matt on Twitter at @matthamblen, or subscribe to Matt's RSS feed. His email address is

See more by Matt Hamblen on

Read more about smartphones in Computerworld's Smartphones Topic Center.

Join the CSO newsletter!

Error: Please check your email address.

Tags Government ITMobile/Wirelessresearch in motionconsumer electronicsNetworkingsecuritywirelesssmartphonesRIMmobile

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Matt Hamblen

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place