Be the first to hear the mobile news. Enter your email to join.

AirWatch Re-Enforces FIPS 140-2 Encryption with Booz Allen Hamilton Inside Validation

VMware AirWatch obtains third-party certification of FIPS 140-2 Validated Module usage across architecture and application products.

VMware AirWatch helps thousands of organizations secure corporate data and applications on devices both at rest and in transit. While AirWatch always implements the latest recommended security processes and parameters by third-party regulatory bodies and analysts, increasingly the industry is seeking third-party validation of these practices and the implementation of encryption and security standards. The result is a fortified enterprise mobility solution our customers can use to help protect against malicious attacks and adhere to industry-specific regulations and compliance.

As part of the development process, AirWatch reviews mobile application code to ensure encryption and related functions performed by our architecture and application products properly utilize the most up-to-date cryptographic modules and Kerckhoffs’ principle as a design architecture.

Free whitepaper: Next Generation Security for EMM & Cloud Environments

Free Whitepaper: Next Generation Security for EMM & Cloud Environments

As part of the process, AirWatch follows the National Institute for Standards and Technology (NIST) FIPS-recommended procedures for utilizing FIPS Validated Modules, a process termed by NIST as FIPS 140-2 Inside Validated.

The NIST Cryptographic Module Validated Program (CMVP) provides validation and usage guidance for operating system and cryptographic module vendors. We also have our code inspected by an independent CMVP Validated Laboratory to ensure our software code properly implements the NIST-prescribed procedures.

To achieve FIPS 140-2 Inside Validated status, AirWatch architecture and products leverage FIPS 140-2 Validated Modules from OpenSSL, Microsoft and Apple. We also ensure our code accurately follows the development guidance provided by these cryptographic module developers.

To ensure we properly have been implementing these encryption standards, AirWatch contracted an independent contractor, the Booz Allen Hamilton CMVP FIPS Validated Laboratory, to review the source code in:

  • The core AirWatch platform architecture.
  • iOS, Android and Windows 10 Software Development Kits (SDKs).

Booz Allen Hamilton provided a signed attestation letter, which:

  • Asserts AirWatch’s proper use of FIPS 140-2 Validated Modules.
  • Details the underlying functions performed.
  • Annotates the covered products.
  • Cites the CMVP Certificate numbers for the modules utilized.


To learn more about AirWatch’s industry-leading end-to-end security solutions, please visit our website here. Want to give AirWatch a try? Sign up for a free 30-day trial.

Because you liked this blog:

John Britton

John Britton

John Britton is the former director of product marketing for security at VMware End-User Computing (EUC).


Leave a Reply

Your email address will not be published. Required fields are marked *


Blog By Region

Blog By Category:

Well, hi, there! You're one click away from reaching mobile enlightenment.

Maybe next time