BlackBerry Overview
As a market leader in the area of information assurance and compliance, Research In Motion Limited (RIM) is committed to independent, third-party approvals and certifications of BlackBerry® security. The BlackBerry® Enterprise Solution has been approved for storing and transmitting sensitive data by the North Atlantic Treaty Organization (NATO) as well as government organizations in the United States, Canada, the United Kingdom, Austria, Australia and New Zealand.
RIM is also currently active in:
- The Cryptographic Module Validation Program (i.e., FIPS 140-2 Validation Program) in North America
- The United Kingdom CESG Assisted Product Scheme (CAPS)
- The international Common Criteria evaluation scheme
- The Fraunhofer Institute for Secure Information Technology security assessment in Germany
- The Coverity Certified program
In July 2006, leading strategy and technology consulting firm Booz Allen Hamilton published the results of an independent evaluation of the BlackBerry® Smart Card Reader, which stated that the reader meets the security requirements of the U.S. Army.
Government Approvals
The BlackBerry Enterprise Solution has been approved for storing and transmitting sensitive data by several major government organizations.
| Nation | Organization | Maximum Classification Level |
|---|---|---|
| Canada | Communications Security Establishment | PROTECTED B |
| United Kingdom | Communications-Electronics Security Group | RESTRICTED |
| Austria | Center for Secure Information Technology | Not specified |
| Australia | Defence Signals Directorate | RESTRICTED |
| New Zealand | Government Communications Security Bureau | RESTRICTED |
| United States | National Institute of Standards and Technology | Sensitive But Unclassified |
| Turkey | Turkish Standards Institute | Not specified |
NATO Approval
NATO has approved the BlackBerry Enterprise Solution for the storage and transmission of data up to and including the NATO RESTRICTED classification.
Cryptographic Module Validation Program
The Cryptographic Module Validation Program (CMVP) governs the conformance testing of cryptographic modules to Federal Information Processing Standard (FIPS) 140-2, "Security Requirements for Cryptographic Modules." The following BlackBerry cryptographic modules have earned FIPS 140-2 or FIPS 140-1 validations through the CMVP:
BlackBerry Cryptographic Kernel
The BlackBerry Cryptographic Kernel is the cryptographic module that provides the core cryptographic services required for BlackBerry smartphone functionality. All Java® enabled BlackBerry smartphones* contain the BlackBerry Cryptographic Kernel, which has been awarded the following FIPS 140-2 validations:
- FIPS 140-2 Validation Certificate no. 1146 - applicable to BlackBerry Device Software versions 4.7.0 and 4.7.1
- FIPS 140-2 Validation Certificate no. 1083 - applicable to BlackBerry Device Software versions 4.6.0 and 4.6.1
- FIPS 140-2 Validation Certificate no. 986 - applicable to BlackBerry Device Software version 4.5.0
- FIPS 140-2 Validation Certificate no. 939 - applicable to BlackBerry Device Software version 4.3.0
- FIPS 140-2 Validation Certificate no. 827 – applicable to BlackBerry Device Software versions 4.2.1 and 4.2.2
- FIPS 140-2 Validation Certificate no. 791 – applicable to BlackBerry Device Software version 4.2.0 and BlackBerry Smart Card Reader Software versions 1.5.0 and 1.5.1
- FIPS 140-2 Validation Certificate no. 593 – applicable to BlackBerry Device Software version 4.1.0
- FIPS 140-2 Validation Certificate no. 500 – applicable to BlackBerry Device Software version 4.0 and BlackBerry Smart Card Reader Software version 1.0
- FIPS 140-2 Validation Certificate no. 360 – applicable to BlackBerry Device Software versions 3.6.1 – 3.7.1
- FIPS 140-2 Validation Certificate no. 357 – applicable to BlackBerry Device Software version 3.6.0
- FIPS 140-2 Validation Certificate no. 312 – applicable to BlackBerry Device Software versions 3.3.0 and 3.3.1
BlackBerry Enterprise Server Cryptographic Kernel
The BlackBerry® Enterprise Server Cryptographic Kernel is the cryptographic module that provides the cryptographic services required for BlackBerry Enterprise Server functionality. The BlackBerry Enterprise Server Cryptographic Kernel has been awarded the following FIPS 140-2 validations:
- FIPS 140-2 Validation Certificate no. 591 – applicable to BlackBerry Enterprise Server versions 5.0 and 4.1.0 – 4.1.7
- FIPS 140-2 Validation Certificate no. 496 – applicable to BlackBerry Enterprise Server version 4.0
- FIPS 140-2 Validation Certificate no. 445 – applicable to BlackBerry Enterprise Server version 3.6
BlackBerry Cryptographic API (Algorithm implementations only)
The BlackBerry Cryptographic Application Programming Interface (API) is a comprehensive suite of cryptographic functionality provided by all Java enabled BlackBerry smartphones. Available for use by third-party BlackBerry application developers, the implementations of cryptographic algorithms in the BlackBerry Cryptographic API have been awarded validation certificates for the following:
- BlackBerry Device Software versions 4.0 – 4.7.1
CAPS Security Program
CESG is the United Kingdom National Technical Security Authority. The CESG Assisted Product Scheme (CAPS) has been designed to help private sector companies develop cryptographic products for use by the United Kingdom government and other appropriate organizations. The following products have been evaluated and approved for storing and transmitting data up to and including the RESTRICTED classification level:
- BlackBerry Device Software versions 4.0 – 4.5.0
- BlackBerry Enterprise Server versions 4.1.0 – 4.1.7 and 4.0
- BlackBerry Smart Card Reader Software versions 1.0 – 1.5.1
Common Criteria Evaluation Scheme
The Common Criteria is an international evaluation scheme of IT security products and systems. Common Criteria evaluation results are recognized by 26 countries, including Australia, Canada, France, Germany, the United Kingdom and the United States of America. The following BlackBerry products have obtained a Common Criteria EAL 2+ certification:
- BlackBerry Device Software versions 4.1.0 – 4.7.1 (PDF)
- BlackBerry Enterprise Server versions 4.1.3 – 4.1.6 (PDF)
The BlackBerry Enterprise Solution is the first wireless platform to earn Common Criteria EAL 4+ certification. The following BlackBerry products have obtained EAL 4+ certification:
Fraunhofer-SIT Security Assessment
The Fraunhofer Institute for Secure Information Technology (Fraunhofer-SIT) is one of the leading and most respected IT security organizations in Germany and Europe. Fraunhofer-SIT provides security consulting, assessment and certification services. Fraunhofer-SIT successfully completed an in-depth security analysis of the BlackBerry® Enterprise Solution for mobile email and data push-services.
- Fraunhofer Institute SIT Certification Report (PDF)
- Fraunhofer Institute SIT certifies BlackBerry Enterprise Solution (PDF)
Coverity Certification for the BlackBerry Smart Card Reader
Coverity Prevent is a comprehensive and accurate source code analysis system, combining breakthrough academic research with years of industry experience. Following a rigorous testing process, the BlackBerry Smart Card Reader has obtained the Coverity Certification for Secure Code Level 2 and the Coverity Certification for Quality Code Level 2.
Booz Allen Hamilton Evaluation of the BlackBerry Smart Card Reader
In order to ensure that the BlackBerry Smart Card Reader complies with its stringent security standards, the United States Army hired leading strategy and technology consulting firm Booz Allen Hamilton to perform an independent evaluation. The study demonstrated that the BlackBerry Smart Card Reader meets the U.S. Army security requirements. The results were a further validation of the security model of the BlackBerry Smart Card Reader. For more information, see the Booz Allen Hamilton press release.
*All BlackBerry smartphones are Java enabled with the exception of the RIM® 850, RIM® 857, RIM® 950 and RIM® 957 devices.