FIPS compliance in an AppConnect SDK app

You can make an AppConnect app FIPS compliant. FIPS compliance information is available at:

http://csrc.nist.gov/publications/fips/fips140-2/fips1402.pdf

The following features of the AppConnect for iOS SDK allow you to make a FIPS compliant AppConnect app:

•The SDK is FIPS compliant on all iOS devices running supported versions of iOS as listed in Product versions required .

It is not FIPS compliant on devices running previous iOS versions.

The AppConnect for iOS SDK uses ECDH and AES-256-GCM protocols for the inter-app communication bus between AppConnect apps and Mobile@Work.

•The SDK uses FIPS compliant algorithms for all cryptographic operations.

•The SDK uses OpenSSL for cryptography.

The use of OpenSSL allows you to link into a FIPS compliant version of the OpenSSL library in your app.

To make your app is FIPS compliant with regard to its use of the AppConnect for iOS SDK, do the following:

•Link into an OpenSSL library built in FIPS mode. When you link your OpenSSL library to your Xcode project, make sure it is listed higher than the AppConnect.xcframework in Xcode under Linked Frameworks and Libraries.

Ivanti has verified that the AppConnect for iOS SDK works correctly using OpenSSL library version 1.0.2h. Check OpenSSL documentation to determine differences with other OpenSSL library versions.

•Make sure that you have initialized OpenSSL in FIPS mode before calling any AppConnect for iOS APIs.

•If you use your own libcrypto.a file, make sure it is FIPS compliant. The libcrypto.a file included in the AppConnect.xcframework is FIPS compatible.