BlackBerry - Approvals and Certifications

At A Glance

BlackBerry Connect
BlackBerry Enterprise Solution
BlackBerry Security
- Advanced Security Features for Government
- Approvals and Certifications
- BlackBerry PlayBook Security Technical Overview
- Bulletins and Information
- Features
- IT Policy
- Knowledge Base
- Products
- Report a Security Issue
- BlackBerry Protect
- BlackBerry Balance
- Webcasts
Networks
Smartphone Features

As a market leader in the area of information assurance and compliance, Research In Motion Limited (RIM) is committed to independent, third party approvals and certifications of BlackBerry® security. The BlackBerry® Enterprise Solution has been approved for storing and transmitting sensitive data by the North Atlantic Treaty Organization (NATO) as well as government organizations in the United States, Canada, the United Kingdom, Austria, Australia and New Zealand.

RIM is also currently active in:

The Cryptographic Module Validation Program (i.e., FIPS 140-2 Validation Program) in North America
The United Kingdom Communications Electronic Security Group Assisted Product Scheme (CAPS)
The international Common Criteria evaluation scheme
The Fraunhofer Institute for Secure Information Technology security assessment in Germany
The Coverity Certified program

In July 2006, leading strategy and technology consulting firm Booz Allen Hamilton published the results of an independent evaluation of the BlackBerry® Smart Card Reader, which stated that the reader meets the security requirements of the U.S. Army.

Government Approvals
NATO Approval
Cryptographic Module Validation Program
CAPS Security Program
Common Criteria Evaluation Scheme

Government Approvals

The BlackBerry Enterprise Solution has been approved for storing and transmitting sensitive data by several major government organizations.

Nation	Organization	Maximum Classification Level
Canada	Communications Security Establishment	PROTECTED B
United Kingdom	Communications Electronic Security Group	RESTRICTED
Austria	Center for Secure Information Technology	Not specified
Australia	Defense Signals Directorate	RESTRICTED
New Zealand	Government Communications Security Bureau	RESTRICTED

NATO Approval

NATO has approved the BlackBerry Enterprise Solution for the storage and transmission of data up to and including the NATO RESTRICTED classification.

Cryptographic Module Validation Program

The Cryptographic Module Validation Program (CMVP) governs the conformance testing of cryptographic modules to Federal Information Processing Standard (FIPS) 140-2, "Security Requirements for Cryptographic Modules." The following BlackBerry cryptographic modules have earned FIPS 140-2 or FIPS 140-1 validations through the CMVP:

BlackBerry Cryptographic Kernel

The BlackBerry Cryptographic Kernel is the cryptographic module that provides the core cryptographic services required for BlackBerry smartphone functionality. All Java® enabled BlackBerry smartphones* contain the BlackBerry Cryptographic Kernel, which has been awarded the following FIPS 140-2 validations:

FIPS 140-2 Validation Certificate no. 1146 - applicable to BlackBerry Device Software v4.7.0 and v4.7.1
FIPS 140-2 Validation Certificate no. 827 – applicable to BlackBerry® Device Software v4.2.1 and v4.2.2
FIPS 140-2 Validation Certificate no. 791 – applicable to BlackBerry Device Software v4.2 and BlackBerry Smart Card Reader Software v1.5 and v1.5.1
FIPS 140-2 Validation Certificate no. 593 – applicable to BlackBerry Device Software v4.1
FIPS 140-2 Validation Certificate no. 500 – applicable to BlackBerry Device Software v4.0 and BlackBerry Smart Card Reader Software v1.0
FIPS 140-2 Validation Certificate no. 360 – applicable to BlackBerry Device Software v3.7.1, v3.7.0 and v3.6.1
FIPS 140-2 Validation Certificate no. 357 – applicable to BlackBerry Device Software v3.6.0
FIPS 140-2 Validation Certificate no. 312 – applicable to BlackBerry Device Software v3.3.1 and v3.3.0

BlackBerry Enterprise Server Cryptographic Kernel

The BlackBerry® Enterprise Server Cryptographic Kernel is the cryptographic module that provides the cryptographic services required for BlackBerry Enterprise Server functionality. The BlackBerry Enterprise Server Cryptographic Kernel has been awarded the following FIPS 140-2 validations:

FIPS 140-2 Validation Certificate no. 591 – applicable to BlackBerry Enterprise Server v4.1, v4.1.1, v4.1.2 and v4.1.3
FIPS 140-2 Validation Certificate no. 496 – applicable to BlackBerry Enterprise Server v4.0
FIPS 140-2 Validation Certificate no. 445 – applicable to BlackBerry Enterprise Server v3.6

BlackBerry Cryptographic API (Algorithm implementations only)

The BlackBerry Cryptographic Application Programming Interface (API) is a suite of comprehensive cryptographic functionality provided by all Java enabled BlackBerry smartphones. Available for use by third party BlackBerry application developers, the implementations of cryptographic algorithms in the BlackBerry Cryptographic API have been awarded validation certificates for the following:

BlackBerry Device Software v4.2
BlackBerry Device Software v4.1
BlackBerry Device Software v4.0

CAPS Security Program

CESG is the United Kingdom National Technical Security Authority. The CESG Assisted Product Service (CAPS) has been designed to help private sector companies develop cryptographic products for use by the United Kingdom government and other appropriate organizations. BlackBerry has been approved for use at RESTRICTED (IL3), when configured and used in line with CESG guidance. This approval is based on a CAPS-style evaluation. The following products have been evaluated and approved:

BlackBerry Smartphone versions 5.0, 6.0
BlackBerry Enterprise Server versions 5.0.1+
BlackBerry Smart Card Reader Software version 2.0

If you are using a software version older than those listed above, RIM recommends updating to one of the listed versions.

Common Criteria Evaluation Scheme

The Common Criteria is an international evaluation scheme of IT security products and systems. Common Criteria evaluation results are recognized by 25 countries, including Australia, Canada, France, Germany, the United Kingdom and the United States of America. The following BlackBerry products have obtained a Common Criteria EAL 2+ certification:

BlackBerry Device Software v4.2.2
BlackBerry Device Software v4.2.1
BlackBerry Device Software v4.2
BlackBerry Device Software v4.1
BlackBerry Enterprise Server v4.1.4
BlackBerry Enterprise Server v4.1.3

The BlackBerry Enterprise Solution is the first wireless platform to earn Common Criteria EAL 4+ certification. The following BlackBerry products have obtained EAL 4+ certification:

BlackBerry Enterprise Server v5.0

*All BlackBerry smartphones are Java-enabled with the exception of the RIM® 850, RIM® 857, RIM® 950 and RIM® 957 devices.