From a Xamarin app, what component(s) should be used to enable FIPS compliant communications with an Azure App Service?
@MarcGeorge-9076, Apologies for the delay in responding here from over the weekend.
I'm checking on this internally and will get back to you shortly.
Thanks for your patience!
FIPS 140 Level 2 generally needs:
1) Chain of trust using an approved cipher (like AES-256) and
2) Tamper evidence (not resistance).
Typically, for this kind of requirement a standard TLS 1.2+ compatible FIPS 140 cipher will work. Core Azure components like KeyVault HSM should provide tamper evidence capability.
So, you will need to ensure chain of trust and tamper evidence between Xamarin App <> App Service <> ACS.
Once again apologies for the delay on this.
Hope the above information helps. If you have any further questions, please do let us know the intended use of the solution and your requirement.
Does Microsoft have any development programs / existing components for providing the FIPS 140-2 and 140-3 cipher across the numerous mobile platforms and devices that compliance testing has to be performed for meeting federal deployment requirements?
Apologies! If I have understood you correctly, all Azure services use FIPS 140 approved algorithms for data security because the operating system uses FIPS 140 approved algorithms while operating at a hyperscale cloud. Moreover, Azure customers can store their own cryptographic keys and other secrets in FIPS 140 validated hardware security modules (HSM). Please check out the Federal Information Processing Standard (FIPS) 140 (for US Government) docs for additional info.
Encryption in the Microsoft Cloud
If you have further questions on this, I'll reach out to you privately to understand your scenario better and share/connect appropriate resources.
Thanks for your patience!
I have a Xamarin application, operating external to Azure, that needs to do two things: use Azure databases and use an Azure App Service. The communications channels for both need to meet FIPS requirements. That would entail there be components (originally I was asking about the app service; I asked a second question about SQL) in the app to be FIPS certified. FIPS certification requires an ongoing certification testing program for new device groups and OS changes.
I was asking if Microsoft had such a component and testing program.