Learn about Pixel security certifications on Android

Federal Information Processing Standards (FIPS) are standards and guidelines for federal computer systems that are developed by the National Institute of Standards and Technology (NIST) in accordance with the federal Information Security Management Act (FISMA) and approved by the Secretary of Commerce. Although FIPS are developed for use by the federal government, many in the private sector voluntarily use these standards as well. The National Institute of Standards and Technology’s (NIST) Cryptographic Algorithm Validation Program (CAVP) provides validation testing of approved cryptographic algorithms and their individual components. The goal of the Cryptographic Module Validation Program (CMVP) is to promote the use of validated cryptographic modules and provide federal agencies with a security metric to use in procuring equipment containing validated cryptographic modules.

Common Criteria is a driving force for the widest available mutual recognition of security products with 31 participating countries. The National Information Assurance Partnership (NIAP) serves as the U.S. representative to the Common Criteria Recognition Arrangement (CCRA). In partnership with NIST, NIAP approves Common Criteria Testing Laboratories to conduct security evaluations in private sector operations across the United States.

Certification for the IC protection profile (PP0084) was provided by TÜV Rheinland Nederland B.V., which is responsible for implementation and management for the Netherlands Scheme for Certification in the Area of IT Security (NSCIB). TÜV Rheinland Nederland B.V. is accredited by the Dutch Accreditation Council (RvA) registered under C078 for the Common Criteria.

The Security Technical Implementation Guides (STIGs) are the configuration standards for Department of Defense Information Assurance (IA) and IA-enabled devices/systems. The STIGs contain technical guidance on how to harden information systems/software that might otherwise be vulnerable to a malicious computer attack.

Pixel leverages Android Enterprise services for various functionality such as distributing and managing applications. Android Enterprise has completed both SOC2 and ISO27001 accreditation.