The FIPS certification from the National Institute of Standards and Technology gives Samsung a temporary market-niche edge to exploit in its rivalry with Apple and other device makers. Under the Federal Information Security Management Act of 2002, non-military federal agencies, U.S. government contractors and regulated American industries in the financial and health-care sectors are required to use FIPS-certified computing devices.
Samsung said it proactively sought FIPS certification to show the mobile-device maker’s current and potential government and business customers that the company takes their security and interoperability needs seriously.
“This certification is a testament to the high level of enterprise business-readiness of our premium smartphones and tablets,” said Cho BumCoo, senior vice president of the Enterprise Solution Team at Samsung Electronics.
Protecting Sensitive Data
The entire FIPS standard includes modified versions of several global specifications already developed by the American National Standards Institute, the Institute of Electrical and Electronics Engineers, and the International Organization for Standardization. However, the FIPS 140-2 certification awarded to Samsung this week specifically pertains to the cryptographic-based security systems used to protect the confidentiality and integrity of sensitive or valuable data.
FIPS 140-2 covers the secure design and implementation of an entire cryptographic module — from encryption and authentication to digital signatures and key management. What’s more, the standard specifies four ascending security levels that collectively cover the range of potential applications and environments in which cryptographic modules may be employed.
For example, Level One merely calls for the use of an approved security algorithm or function. By contrast, Level Four requires that the entire cryptographic module be encased in an envelope capable of detecting and responding to all unauthorized attempts at physical access.
According to NIST, the principal goal of its cryptographic module validation program is to help private and public sector organizations make informed purchasing decisions concerning the devices they elect to use for collecting, storing, transferring, sharing and disseminating sensitive but unclassified information.
Boosting Enterprise Security
Samsung Electronics recently unveiled its own Samsung Approved for Enterprise security certification program for smartphones and tablets configured specifically for enterprise use. Among other things, SAFE supports virtual private network connectivity, device encryption and Exchange device management policies.
“The FIPS certification takes Samsung’s B2B-readiness to an even higher level and ensures our devices are now equipped for use in U.S. government agencies and other regulated industries,” said Samsung Mobile Vice President Tim Wagner.
Meanwhile, Apple is still working on gaining FIPS 140-2 security certification for its iPhone and iPad devices. As of last Monday, NIST was still evaluating the performance of two iPhone cryptographic modules as well as an additional module for another unspecified device from Apple.
By contrast, Research In Motion received FIPS security certification for its BlackBerry smartphone platform in 2003 and added clearance for its PlayBook media tablet in July of last year.
FIPS certification enables “the U.S. federal government to buy with confidence knowing that the PlayBook meets their computing policy requirements for protecting sensitive information,” said Research In Motion Senior Vice President Scott Totzke.