iOS 6 for iPhones, iPads gets FIPS 140-2 certification
The newest version of Apple’s iOS, Version 6, has passed an important test for agency use, gaining FIPS 140-2 certification from the National Institute of Standards and Technology.
NIST recently added the Apple iOS CoreCrypto Kernel Module v3.0 to its Federal Information Processing Standard (FIPS) certification list. When operating in FIPS mode, the CoreCrypto met Level 1 of FIPS 140-2, which means it meets government security requirements.
According to the NIST validation summary, the module was tested on an iPhone 4, an iPhone 4S and an iPad (single-user mode) all running iOS 6.0. There is no indication whether NIST tested or plans to test it on newer devices such as the iPhone 5.
As “bring you own device” policies get implemented in more government agencies, network administrators will likely look at this announcement as good news for their employees who want to use their Apple mobile devices.
iOS 6 has had its share of security issues. CVE Details lists over 230 vulnerabilities, many of which have been resolved. One vulnerability allowed hackers to use a locked iPhone to access contacts and make calls.
So the FIPS certification is important, as agencies move toward mobile computing. The National Oceanic and Atmospheric Administration and U.S. Immigration and Customs Enforcement are moving to iPhones in a big way. And the Defense Department’s Commercial Mobile Device Implementation Plan calls for accommodating a range of mobile devices, including those running iOS.
Posted by Greg Crowe on May 09, 2013 at 9:39 AM