VMware AirWatch helps thousands of organizations secure corporate data and applications on devices both at rest and in transit. While AirWatch always implements the latest recommended security processes and parameters by third-party regulatory bodies and analysts, increasingly the industry is seeking third-party validation of these practices and the implementation of encryption and security standards. The result is a fortified enterprise mobility solution our customers can use to help protect against malicious attacks and adhere to industry-specific regulations and compliance.
As part of the development process, AirWatch reviews mobile application code to ensure encryption and related functions performed by our architecture and application products properly utilize the most up-to-date cryptographic modules and Kerckhoffs’ principle as a design architecture.
As part of the process, AirWatch follows the National Institute for Standards and Technology (NIST) FIPS-recommended procedures for utilizing FIPS Validated Modules, a process termed by NIST as FIPS 140-2 Inside Validated.
The NIST Cryptographic Module Validated Program (CMVP) provides validation and usage guidance for operating system and cryptographic module vendors. We also have our code inspected by an independent CMVP Validated Laboratory to ensure our software code properly implements the NIST-prescribed procedures.
To achieve FIPS 140-2 Inside Validated status, AirWatch architecture and products leverage FIPS 140-2 Validated Modules from OpenSSL, Microsoft and Apple. We also ensure our code accurately follows the development guidance provided by these cryptographic module developers.
To ensure we properly have been implementing these encryption standards, AirWatch contracted an independent contractor, the Booz Allen Hamilton CMVP FIPS Validated Laboratory, to review the source code in:
- The core AirWatch platform architecture.
- iOS, Android and Windows 10 Software Development Kits (SDKs).
- Asserts AirWatch’s proper use of FIPS 140-2 Validated Modules.
- Details the underlying functions performed.
- Annotates the covered products.
- Cites the CMVP Certificate numbers for the modules utilized.
Because you liked this blog: