Product Documentation

FIPS 140-2 compliance

The Federal Information Processing Standard (FIPS) is issued by the US National Institute of Standards and Technologies (NIST). FIPS specifies the security requirements for cryptographic modules used in security systems. FIPS 140-2 is the second version of this standard. For more information about NIST-validated FIPS 140 modules, see http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140sp/140sp1747.pdf.

Important:

  • You can enable XenMobile FIPS mode only during initial installation.

  • XenMobile mobile device management-only, XenMobile mobile app management-only, and XenMobile MDM+MAM are all FIPS compliant provided that no HDX apps are used.

All data-at-rest and data-in-transit cryptographic operations on iOS use FIPS-certified cryptographic modules provided by the OpenSSL and Apple. On Android, all data-at-rest cryptographic operations and all data-in-transit cryptographic operations from the mobile device to NetScaler Gateway use FIPS-certified cryptographic modules provided by OpenSSL.

All data-at-rest and data-in-transit cryptographic operations for Mobile Device Management (MDM) on supported Windows devices use FIPS-certified cryptographic modules provided by Microsoft.

All data-at-rest and data-in-transit cryptographic operations for XenMobile MDM use FIPS-certified cryptographic modules provided by OpenSSL. All data-at-rest and data-in-transit for MDM flows use FIPS-compliant cryptographic modules end-to-end. That security includes the cryptographic operations described above for mobile devices, plus the cryptographic operations between mobile devices and NetScaler Gateway.

All data-in-transit cryptographic operations between iOS, Android, and Windows mobile devices and NetScaler Gateway use FIPS-certified cryptographic modules. XenMobile uses a DMZ-hosted NetScaler FIPS Edition appliance equipped with a certified FIPS module to secure these data. For more information, see the NetScaler FIPS documentation.

The MDX Vault encrypts MDX-wrapped apps and associated data-at-rest on both iOS and Android devices using FIPS-certified cryptographic modules provided by the OpenSSL.

For the full XenMobile FIPS 140-2 compliance statement, including the specific modules used in each case, contact your Citrix representative.

FIPS 140-2 compliance

In this article