Security

BlackBerry UEM gains Department of Defense Information Network Approval

BlackBerry UEM is the only MDM solution on the DoDIN Approved Product List

BlackBerry has received approval from the Department of Defense Information Network (DoDIN) for its BlackBerry Unified Endpoint Manager software (UEM). BlackBerry UEM is the only MDM solution on the DoDIN Approved Product List. 

The DoDIN Approved Product List is the single consolidated list of communication and collaboration products that have completed Cybersecurity and Interoperability certification across the DoDIN.

The DoDIN Approved Products List was established to identify products that have undergone security and interoperability testing in order to ensure they can be acquired and deployed by Military Departments and DoD agencies as part of their communications network.

This process is managed by the Defense Information Systems Agency’s (DISA) Approved Products Certification Office (APCO).

DISA

The DoDIN APL testing is broadly divided into two categories:

  1. Cybersecurity (CS) or Information Assurance (IA) testing: As part of this testing you would exhibit that the product can be securely configured, based on DoD provided Security Technical Implementation Guides (STIGs). 
  2. Interoperability (IO) testing: This testing ensures that the product interoperates correctly when placed within the DoD network.

The end-to-end process of certification can take 13-15 months and usually starts with an initial assessment in which product category and applicable STIGs are determined. This is followed by a self-assessment to determine if the product meets all STIG requirements.

Assuming all gaps identified (and there will be gaps!) during the self-assessment are manageable, and there is a path forward identified in closing these gaps, we can move to the Initial Contact Meeting (ICM) with APCO. At this point the official engagement begins from APCO’s point of view. Post ICM, a test date at DISA testing center is determined.

Unlike FIPS and Common Criteria, this certification doesn’t have commercial laboratories. Testing is performed at DoD operated labs. At the lab, CS/IA and IO testing is performed and the outcome of which is a provisional listing and a Plan of Action and Mitigation (POA&M). These POA&Ms reflect the issues identified during the testing phase and usually are required to be addressed within a year. 

BlackBery UEM’s approval was released by the Defense Information Systems Agency’s (DISA) Chief Information Assurance Executive (CIAE).  DISA’s mission is to provide, operate and defend global command and control and information-sharing capabilities for the entire Department of Defense (DoD), national-level leaders and coalition partners.

“BlackBerry is extremely proud to be a partner of the United States Federal Government for over twenty years,” said John Chen, Executive Chairman & CEO, BlackBerry. 

“DISA is responsible for delivering world-class secure communications and collaboration tools across the DoD and BlackBerry is honored to receive approval to be on the DoDIN APL.”