Windows Phone picks up all nine FIPS 140-2 certifications, clears path for government customers

Good news if you’re a Windows Phone lover and happen to work for the United States or Canadian governments. The mobile operating system you use all the time has picked up the required cryptographic modules from the US CMVP and Canadian CSEC validation programs. Details after the break.

While Windows Phone is a fine operating system for both consumer and enterprise customers, it’s been held back from any government action. What kept it? The lack of support for some validation certificates that are issued by the Cryptographic Module Validation Program (CMVP-United States) or the Communications Security Establishment (CSE-Canada).

Windows Phone just received all nine FIPS 140-2 validation certificates. FIPS stands for Federal Information Processing Standard and was determined by a publication titled Security Requirements for Cryptographic Modules. The purpose of giving a device, like Windows Phone, FIPS 140-2 is to standardize and coordinate requirements for cryptography modules in both software and hardware. This will allow government agencies and other regulated industries (healthcare and finance) to collect, store, transfer, share, and disseminate sensitive but unclassified information.

What’s this mean for Windows Phone? It means government customers in the United States and Canada can validate and deploy Windows Phone devices to their employees. You won’t be seeing James Bond with one soon (he deals with classified information), but it’s a good win for Windows Phone and another step towards increased market share.

If anything of this makes sense, you’ll want to hit up the MSDN blog post below to get the details and view all nine FIPS 140-2 certificates that Windows Phone received.

Source: MSDN; Thanks, Vince B., for the tip!

Sam Sabri