Knox supports advanced device configurations tailored to the defense industry. A single Knox setting can apply many of the configurations needed to put the device into a compliant state.
Thus, KPE extends AE’s device controls by exposing this setting, called the Government-Grade Common Criteria Mode or CC Mode. This setting helps simplify the task of correctly configuring a device for deployments that must meet defense-grade security requirements. The Common Criteria for Information Technology Security Evaluation, commonly referred to as Common Criteria, is an internationally-recognized standard for defining security objectives of information technology products and for evaluating vendor compliance with these objectives. A number of governments use Common Criteria as the basis for their own certification schemes.
A wide range of Samsung Galaxy devices have received Common Criteria (CC) certification. The current CC certification targets the new Mobile Device Fundamentals Protection Profile (MDFPP) of the National Information Assurance Partnership (NIAP), which addresses the security requirements of mobile devices for use in enterprise. Samsung Knox is approved by the United States government as the first NIAP-validated mobile devices to handle the full range of classified information.
What can CC mode do?
An IT admin can enable the device to be placed into the Common Criteria configuration. When enabled, the device:
- Blocks bootloader download mode, the manual method for software updates
- Mandates additional key zeroization on key deletion
- Prevents non-authenticated Bluetooth connections
- Requires that FOTA updates have a 2048-bit RSA-PSS signature
- Uses many other security settings
While other optional configuration steps are still recommended on top of Common Criteria Mode, the value is clear: simplifying the correct configuration of endpoints for high-security deployments saves time and prevents mistakes that can lead to misconfigurations and added security risks.
Refer to the following Knowledge Base Articles for details about:
- Common Criteria Mode, supported Samsung devices, and test APKs
- Common Criteria evaluation, by Android version
To learn more about:
- The advantages offered by Samsung Knox devices over non-Samsung devices, see the KPE Feature Comparison Table.
- Other KPE features, see the KPE White Paper.
- How to use the Knox SDK to apply additional security configurations, read the Knox SDK Developer Guide.