Windows Phone 8 is now FIPS 140-2 certified. FIPS 140-2 is a government security standard used to accredit cryptographic algorithms that protect sensitive data inside products like smartphones.
What does this mean?
Basically it means that government agencies in the US and Canada trust the Windows 8 Phone certificates to protect sensitive data. So if you have any app ideas that will store sensitive data, you know that the Windows 8 Phone is up to the task. FIPS 140-2 is a mandatory standard for all Federal agencies that use cryptographic-based security systems to protect sensitive information in computer and telecommunication systems. It’s the standard required by the military, and I can assure you the military is very careful with their data!
There are nine certificates accredited:
- Kernel Mode Cryptographic Primitives Library (CNG.SYS)
- Cryptographic Primitives Library (BCRYPTPRIMITIVES.DLL)
- Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH.DLL)
- Enhanced Cryptographic Provider (RSAENH.DLL)
- Boot Manager
- BitLocker Windows OS Loader (WINLOAD)
- Code Integrity (CI.DLL)
- BitLocker Windows Resume (WINRESUME)
- BitLocker Dump Filter (DUMPFVE.SYS)
The accreditation was awarded by the Cryptographic Module Validation Program, a joint effort of the U.S. National Institute of Standards and Technology and the Communications Security Establishment Canada, the country’s national cryptologic agency. This information was announced on the Windows Blog in mid September.
If security is important to you, you should also check out the Windows Phone 8 Security Guide, you’ll find more information on security topics related to Windows Phone. You can download a copy of the updated guide here.
Don’t forget if you are a student you don’t have to settle for Express versions of Visual Studio when you build Windows Phone apps. Get Visual Studio Professional, the Windows Phone SDK, and a free Windows Phone Store account from DreamSpark!