Welcome to the MacNN Forums.

If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below.

You are here: MacNN Forums > News > Mac News > iOS 6 security gets FIPS 140-2 Level 1 certification

iOS 6 security gets FIPS 140-2 Level 1 certification
Thread Tools
MacNN Staff
Join Date: Jul 2012
Status: Offline
Reply With Quote
May 7, 2013, 02:36 PM
A cryptographic component in iOS 6 has received FIPS (Federal Information Processing Standard) 140-2 Level 1 security certification from the US National Institute of Standards and Technology, says TUAW. In particular, the NIST says that when running in FIPS mode, iOS 6's CoreCrypto Kernel Module 3.0 "generates cryptographic keys whose strengths are modified by available entropy." The module is identified as "a software cryptographic module running on a multi-chip standalone mobile device and provides services intended to protect data in transit and at rest."

Level 1 certification reflects a relatively low level of security, since there are no special physical measures involved. CoreCrypto was reportedly tested on an iPhone 4, iPhone 4S, and an iPad, but it's unconfirmed if the FIPS certification carries over to any device capable of running iOS 6.

The approval may be a significant step towards wider US government adoption of iOS devices. iOS 6 is already believed to be on the path to getting Department of Defense approval, which could eventually see it and/or Android replacing BlackBerry phones for some purposes.
Senior User
Join Date: Mar 2009
Location: pacific northwest
Status: Offline
Reply With Quote
May 7, 2013, 03:44 PM
Check out http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm for approved modules. It says it is approved for iOS6 on both iPhone and iPad. The remaining iOS CoreCrypto Module is still under the finalization step (same step for OSX CoreCrypto Kernel Module and OSX CoreCrypto Module). Once the basic CoreCrypto Module has received FIPS 140-2 approval, any application making use of the iOS cryptographic suite will be able to make use of the FIPS certification removing one more barrier to governmental use. Of course, these barriers are more political than technical and serve are a justification NOT to use a particular product more than they are used to justify using one. Apple does not pursue certification on every iOS or OSX version since it takes so long to go through the approval process. If a highly placed manager wants a particular product that doesn't have FIPS certification, there are always ways to get around this technicality.
Thread Tools
Forum Links
Forum Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On
Privacy Policy
All times are GMT -4. The time now is 03:20 AM.
All contents of these forums © 1995-2015 MacNN. All rights reserved.
Branding + Design: www.gesamtbild.com
vBulletin v.3.8.8 © 2000-2015, Jelsoft Enterprises Ltd., Content Relevant URLs by vBSEO 3.3.2