ISO/IEC 27001 provides a model for establishing an information security management system (ISMS), which aligns people, resources, and controls to create a series of measurable security practices that protect information assets.
The ISO 27018 standard intends to be “a reference for selecting PII protection controls within the process of implementing a cloud computing information security management system based on ISO/IEC 27001.”
The ISO 27017 standard advises both cloud service customers and cloud service providers, with the primary guidance laid out side-by-side in each section.
ISO 9001 is the most widely adopted international quality standard, with over 1.1 million certificates issued worldwide. The standard is based on a number of quality management principles, which include a strong customer focus, organizational leadership driving quality engagement, the process approach and continual improvement.
AICPA SOC Reports
American Institute of Certified Public Accountants (AICPA) Service Organization Controls (SOC) reports provide assurance from a third-party auditor over control environments as they relate to the retrieval, storage, processing and transfer of data.
OpenChain ISO/IEC 5230:2020 is the International Standard for open-source license compliance. It defines the key elements of a quality open-source compliance program that allows companies of all sizes and sectors to adopt them.
Building on BlackBerry’s adoption of OpenChain ISO/IEC 5230:2020, BlackBerry has also achieved OpenChain Security Assurance Specification conformance, a best-in-class validation of a company’s ability to manage open-source vulnerabilities and risks as part of its software supply chain, with a view to providing a higher level of security assurance for customers.
The Linux Foundation’s OpenChain Project works to establish trust in open-source software.
The Federal Risk and Authorization Management Program, or FedRAMP, is a United States government program that provides a standardized approach to security assessment, authorization and continuous monitoring for cloud products and services.
Certificate of Networthiness (CoN) and Authority to Operate (ATO)
The Networthiness Certification confirms that information systems meet the security, compatibility, and sustainability standards set by the United States Army.
The Federal Information Processing Standard (FIPS) Publication 140-2 is a United States government standard that defines minimum security requirements for cryptographic modules in information technology products. The Cryptographic Module Validation Program (CMVP), headed by the National Institute of Standards and Technology (NIST), validates conformance to FIPS 140-2 requirements.
The Government of Ontario, Canadian Manufacturers & Exporters (CME), and BlackBerry® have announced a partnership to accelerate Ontario’s economic recovery, following the impact of the COVID-19 pandemic. BlackBerry will participate in the Ontario Made program, managed by CME, aimed at promoting locally made products. In collaboration with the Government of Ontario and CME, BlackBerry will also establish a technology working group to expand the program.
Department of Defense Information Network (DoDIN) Approval
BlackBerry® Unified Endpoint Manager (UEM) software has achieved Department of Defense Information Network (DoDIN) approval as a Mobile Device Management (MDM) solution. The DoDIN Approved Products List (APL) is the single consolidated list of communication and collaboration products that have completed Cybersecurity and Interoperability certification across the DoDIN. The mission of the Defense Information Systems Agency (DISA) is to provide, operate and defend global command and control and information-sharing capabilities for the entire Department of Defense (DoD), national-level leaders and coalition partners.
NATO has approved the BlackBerry® Enterprise Solution for the storage and transmission of data up to and including the NATO RESTRICTED classification.
Common Criteria EAL4+
Common Criteria provides assurance of the design and implementation of security-sensitive products. EAL4+ is the highest certification level and is frequently conducted for products deployed in environments handling sensitive government data.
The National Information Assurance Partnership (NIAP) is responsible for US implementation of the Common Criteria, including management of the NIAP Common Criteria Evaluation and Validation Scheme (CCEVS) validation body.
National Security Agency (NSA)
BlackBerry® Unified Endpoint Manager (UEM) software has achieved National Security Agency (NSA) Commercial Solutions for Classified Program (CSfC) approval.
Cyber Essentials is a cyber security standard developed under the auspices of the Communications-Electronics Security Group (CESG), the information security arm of Government Communications Headquarters (GCHQ) in the United Kingdom. It identifies the security controls that an organization must have in place in order to have confidence that it is addressing cyber security effectively and mitigating the risk from Internet-based threats.
BlackBerry QNX Certifications
The QNX® OS for Safety is certified to meet the requirements of International Electrotechnical Commission (IEC) standard 61508 Safety Integrity Level 3 (SIL3). It’s also assessed to be compliant with ISO 26262 Automotive Safety Integrity Level (ASIL D).
BlackBerry Carbon Neutral Certification
BlackBerry has achieved carbon neutrality across Scope 1, Scope 2 and material Scope 3 emissions. Additionally, BlackBerry has invested in carbon removal, for a net effect of the company removing carbon dioxide from the atmosphere.