1. kennyliu's Avatar
    I know this has been posted in Android Forums but I thought this may be relevant to the Playbook as well as it means more competition for it. This is good for all of us as RIM will have to further differentiate the Playbook by introducing more (professional?) or improving existing features in order to compete for the government sector.

    http://www.engadget.com/2012/01/16/s...d-certified-f/
    Last edited by kennyliu; 01-16-12 at 09:48 PM.
    01-16-12 09:44 PM
  2. rustmonkey's Avatar
    Hmmm... Just a low-level basic encryption certification... Nothing to see here, move along. Don't start worrying yet...


    Sent from my BlackBerry 9930 using Tapatalk
    alnamvet68 likes this.
    01-16-12 11:50 PM
  3. Tre Lawrence's Avatar
    01-16-12 11:56 PM
  4. rotorwrench's Avatar
    LOL Yeah, low level security encryption. Read the IT Enterprise blogs and forums, Android is one big security nightmare. No security sensitive enterprise corp will go anywhere near it. I was told it failed miserably my company's security standards during evaluations last fall. Low level encrypt isn't going to get it in the door. The only real potential competition RIM has there is possibly the new security platforms that Windows is working up for their phones and tablets. And easily integrateable too.
    Last edited by rotorwrench; 01-17-12 at 12:51 AM.
    blue-b, alnamvet68 and jafobabe like this.
    01-17-12 12:48 AM
  5. Tre Lawrence's Avatar
    LOL Yeah, low level security encryption. Read the IT Enterprise blogs and forums, Android is one big security nightmare. No security sensitive enterprise corp will go anywhere near it. I was told it failed miserably my company's security standards during evaluations last fall. Low level encrypt isn't going to get it in the door. The only real potential competition RIM has there is possibly the new security platforms that Windows is working up for their phones and tablets. And easily integrateable too.
    You call the same certification that RIM has "low level"? Please share how a FIPS-certified device failed your company's evaluations... oh... my bad: you said last fall.

    FIPS is a major deal, no matter how you cut it. RIM has it, select Android devices have it, and iOS is working hard to get the "low level" encryption the DoD requires.

    Mobile post via Tapatalk
    01-17-12 06:38 AM
  6. alnamvet68's Avatar
    Hmmm... Just a low-level basic encryption certification... Nothing to see here, move along. Don't start worrying yet...


    Sent from my BlackBerry 9930 using Tapatalk
    Yep! Nothing at all.
    01-17-12 06:51 AM
  7. grncherry1's Avatar
    LOL Yeah, low level security encryption. Read the IT Enterprise blogs and forums, Android is one big security nightmare. No security sensitive enterprise corp will go anywhere near it. I was told it failed miserably my company's security standards during evaluations last fall. Low level encrypt isn't going to get it in the door. The only real potential competition RIM has there is possibly the new security platforms that Windows is working up for their phones and tablets. And easily integrateable too.
    Now I get it, there is a special certification for RIM and another type for all others.
    01-17-12 07:06 AM
  8. Tre Lawrence's Avatar
    Now I get it, there is a special certification for RIM and another type for all others.
    LOL... yep. Now that other devices have finally achieved FIPS, it is "low level."

    It is truly funny.

    "4 legs good, two legs bad."

    Mobile post via Tapatalk
    01-17-12 07:10 AM
  9. _StephenBB81's Avatar
    Samsung's FIPS
    SAMSUNG SSD PM810 SED FIPS 140 Module
    (Hardware Versions: MZ5PA128HMCD-010D9 and MZ5PA256HMDR-010D9; Firmware Version: AXM96D1Q)

    Validated to FIPS 140-2

    Overall Level: 2

    -FIPS-approved algorithms: AES (Cert. #1637); SHS (Cert. #1442); HMAC (Cert. #963); RNG (Cert. #878)

    -Other algorithms: N/A
    Multi-chip standalone

    "SAMSUNG SSD PM810 SED FIPS 140 Module provides high-performance AES-256 cryptographic encryption and decryption of the data stored in NAND Flash via SATA interface. The PM810 encryption/decryption creates no degradation in performance compared to non-encrypted SSD. The PM810 supports both the ATA Security Feature Set and TCG Opal SSC. Security Functionalities include user authentication for access control via ISV TCG Opal support, user data encryption for data protection, and instantaneous sanitization of user drive data via cryptographic erase for repurposing or disposal."
    The PlayBook's FIPS
    BlackBerry Tablet Cryptographic Kernel
    (Software Version: 5.6)


    Validated to FIPS 140-2


    Overall Level: 1

    -Operational Environment: Tested as meeting Level 1 with BlackBerry® Tablet OS Version 6.6 (single-user mode)

    -FIPS-approved algorithms: Triple-DES (Cert. #1053); AES (Cert. #1608); SHS (Cert. #1421); HMAC (Cert. #944); RNG (Cert. #862); DRBG (Cert. #81); DSA (Cert. #499); ECDSA (Cert. #199); RSA (Cert. #790); KAS (Cert. #13; key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength; non-compliant less than 80-bits of encryption strength)

    -Other algorithms: DES; DESX; AES CCM* (non-compliant); ARC2; ARC4; MD2; MD4; MD5; HMAC-MD5; ECNR; ECQV; ECIES; RSA (key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength; non-compliant less than 80-bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength; non-compliant less than 80-bits of encryption strength)
    Multi-chip standalone

    "The BlackBerry Tablet Cryptographic Kernel is a software module that provides the cryptographic functionality required for basic operation of the BlackBerry® PlayBook™"

    Hmmm... Just a low-level basic encryption certification... Nothing to see here, move along. Don't start worrying yet...
    While I wouldn't call it "Low-level basic encryption", it certainly isn't enough to unseat RIM's position, as Samsung's security clearance is that of a mail clerk to RIM's high-level agent. But it is a feat for Samsung to achieve nonetheless.

    You call the same certification that RIM has "low level"? Please share how a FIPS-certified device failed your company's evaluations... oh... my bad: you said last fall.

    FIPS is a major deal, no matter how you cut it. RIM has it, select Android devices have it, and iOS is working hard to get the "low level" encryption the DoD requires.
    Did you bother to read about the certification from the source? They don't possess the same certifications; they have the same heading, but that is like saying that the 16 year old kid with a driver's license and a transport truck driver have the same license.

    It is great Samsung got their foot in the door, but there is a long hallway they still have to walk down.
    01-17-12 07:22 AM
  10. Tre Lawrence's Avatar
    My understanding is that RIM and these specific Samsung devices can be used in Federal agencies. Is that incorrect?

    Where could the PB be used that the Galaxy Tab can't be due to the different levels?

    Mobile post via Tapatalk
    01-17-12 07:28 AM
  11. alnamvet68's Avatar
    Playbook - NSA

    Samsung - Local Post Office
    Thachoc1 likes this.
    01-17-12 07:33 AM
  12. Tre Lawrence's Avatar
    Playbook - NSA

    Samsung - Local Post Office
    LOL. I like that.

    Mobile post via Tapatalk
    drum likes this.
    01-17-12 07:36 AM
  13. _StephenBB81's Avatar
    My understanding is that RIM and these specific Samsung devices can be used in Federal agencies. Is that incorrect?

    Where could the PB be used that the Galaxy Tab can't be due to the different levels?

    Mobile post via Tapatalk
    I am not in the US federal government, so I can't tell you where the clearances are different.

    BUT Samsung's devices have a lower level clearance than the RIM devices.

    Samsung devices have 4 FIPS Approved Algorithms, BlackBerry devices have 10 FIPS Approved Algorithms.
    01-17-12 07:43 AM
  14. grncherry1's Avatar
    Playbook - NSA

    Samsung - Local Post Office
    That's cool, heck of a lot more postal workers than NSA workers. Translates into more sales. It's all about sales. And no phone is needed to make it fully functional.
    Last edited by grncherry1; 01-17-12 at 07:46 AM.
    teknishun likes this.
    01-17-12 07:44 AM
  15. alnamvet68's Avatar
    That's cool, heck of a lot more postal workers than NSA workers. Translates into more sales. It's all about sales. And no phone is needed to make it fully functional.
    Uh huh....tell that to the folks at Rolls Royce, who are sitting real comfortably and financially secure selling less than 2000 cars per year.
    01-17-12 07:48 AM
  16. Tre Lawrence's Avatar
    Uh huh....tell that to the folks at Rolls Royce, who are sitting real comfortably and financially secure selling less than 2000 cars per year.
    But can RIM do the same?

    Mobile post via Tapatalk
    01-17-12 07:55 AM
  17. alnamvet68's Avatar
    But can RIM do the same?

    Mobile post via Tapatalk
    I don't see why not; the company is debt free, and has reportedly almost 3 billion dollars in cash and investments.
    01-17-12 08:01 AM
  18. qbnkelt's Avatar
    My understanding is that RIM and these specific Samsung devices can be used in Federal agencies. Is that incorrect?

    Where could the PB be used that the Galaxy Tab can't be due to the different levels?

    Mobile post via Tapatalk
    There are different levels of FIPS certification just as there are different levels of federal government security.

    Example - Smithsonian Museum vs. CIA.

    You could absolutely introduce a level 2 tablet into the Smithsonian since the sensitivity level is moderate. At the CIA, you would need a much higher security level.

    I am by no means making light of Samsung's achievement, but this certification should not give anyone the impression that the higher level security agencies will embrace Android *until* its well known security woes are addressed. The much maligned Playbook can enter highly secure environments by virtue of its higher level and the fact that it does not store email natively. That which the industry has maligned has made it usable in certain closed environments.

    Frankly I am very surprised that an Android device has received this certification. I was fully expecting Apple to get it first.

    This is a good thing for Android fans. But it is not the nail in the coffin that BB haters would have it be.

    ***One last thought....don't forget that Good or AES do not do near the necessary job with security that BES does. It's not about syncing, it's about control. I do not foresee the federal government secure agencies migrating away from BES and to Good or AES. Not unless some major changes happen in them. BES has a foothold in the federal government that, contrary to what anti-RIM haters would like, is hard to break. Spending the cash to migrate away from BES would mean some tough selling on the Hill, and with the economy the way it is, it will not be an easy sell.
    Last edited by Qbnkelt; 01-17-12 at 08:16 AM.
    01-17-12 08:10 AM
  19. grncherry1's Avatar
    I don't see why not; the company is debt free, and has reportedly almost 3 billion dollars in cash and investments.
    Therein lies the problem, arrogance. You would think they learned from their mistake of thinking the consumer would buy the PB and a phone to go with it for this "bridge" nonsense and what do they do, they announce some Remote BS. The powers that be just don't have a clue.
    01-17-12 08:13 AM
  20. Tre Lawrence's Avatar
    There are different levels of FIPS certification just as there are different levels of federal government security.

    Example - Smithsonian Museum vs. CIA.

    You could absolutely introduce a level 2 tablet into the Smithsonian since the sensitivity level is moderate. At the CIA, you would need a much higher security level.

    I am by no means making light of Samsung's achievement, but this certification should not give anyone the impression that the higher level security agencies will embrace Android *until* its well known security woes are addressed. The much maligned Playbook can enter highly secure environments by virtue of its higher level and the fact that it does not store email natively. That which the industry has maligned has made it usable in certain closed environments.

    Frankly I am very surprised that an Android device has received this certification. I was fully expecting Apple to get it first.

    This is a good thing for Android fans. But it is not the nail in the coffin that BB haters would have it be.

    ***One last thought....don't forget that Good or AES do not do near the necessary job with security that BES does. It's not about syncing, it's about control. I do not foresee the federal government secure agencies migrating away from BES and to Good or AES. Not unless some major changes happen in them. BES has a foothold in the federal government that, contrary to what anti-RIM haters would like, is hard to break. Spending the cash to migrate away from BES would mean some tough selling on the Hill, and with the economy the way it is, it will not be an easy sell.
    Thanks for the clarification... I would like to know which agencies would pick based off of level, but that would be hard to figure out I guess.

    Frankly, I was also shocked Samsung beat Apple to it as well.


    Mobile post via Tapatalk
    01-17-12 08:22 AM
  21. _StephenBB81's Avatar
    Thanks for the clarification... I would like to know which agencies would pick based off of level, but that would be hard to figure out I guess.

    Frankly, I was also shocked Samsung beat Apple to it as well.

    I'm not really shocked Samsung beat Apple, just like Dell beat Apple.
    I highly suspect if one did some digging they'd see a very heavily locked-out Android, again NO Android marketplaces, like the Dell Streak. I can't see Apple bastardizing their experience to get FIPS. The RIM experience was never app focused, so RIM doesn't bastardize it by locking out App World and 3rd party apps; with BES full control is given to the admin of the devices, not so with GOOD and AES, which are used for managing the other devices.
    yoonique likes this.
    01-17-12 08:28 AM
  22. anthogag's Avatar
    Playbook - NSA

    Samsung - Local Post Office


    Playbook - NSA

    Samsung - security guard at the front gate
    llllBULLSEYE likes this.
    01-17-12 08:32 AM
  23. alnamvet68's Avatar
    Playbook - NSA

    Samsung - security guard at the front gate of a house of ill repute.
    Better analogy.
    01-17-12 08:36 AM
  24. grncherry1's Avatar
    Playbook - NSA

    Samsung - security guard at the front gate
    Good one.......
    01-17-12 08:38 AM
  25. qbnkelt's Avatar
    Thanks for the clarification... I would like to know which agencies would pick based off of level, but that would be hard to figure out I guess.

    Frankly, I was also shocked Samsung beat Apple to it as well.


    Mobile post via Tapatalk
    You can pretty well guess that the secure community would remain BB/BES as a whole *with certain sandboxed projects mixed in.* These projects are tightly controlled and would not be mainstream inside firewalls.

    Next level would be sensitive but unclassified type of organisations that would still require the controls of BES but where users could still carry, for example, phones with cameras. I'm thinking of DHS organisations such as FEMA, USCIS, ICE, CBP, Agriculture, etc. These would remain level 1.

    The places where you might see level 2 certification would be Smithsonian, Interior, Dept of Education, etc. Particularly in the case of the Interior and Education, I can see level 2 Samsung Android devices coming in. It is conceivable that apps could be created, for example, for customers who want to view exhibits in museums. Or where students may be handed tablets as study aids. These organisations would not carry any sensitive data at all, except for the location of important pieces of art, for example. But then there are other levels of protection for those items.

    An interesting location would be the National Archives. One set would be behind firewalls and strictly controlled, whereas visitors could in fact be rented tablets to assist in navigating the archives.

    That said, I still see BES or at least Fusion in these scenarios. BES is hard to remove.
    01-17-12 08:38 AM