- *BASICS*
- The Knox Ecosystem
- White Paper
- Samsung Knox Portal
- Knox Cloud Services
- General Knox Support
- Knox Licenses
- *FOR IT ADMINS*
- Knox Admin Portal
- Knox Suite
- Knox Platform for Enterprise
- Introduction
- How-to videos
- Before you begin
- Get started with UEMs
- Introduction
- Blackberry UEM
- Citrix Endpoint Management
- FAMOC
- IBM MaaS360
- Microsoft Intune
- MobileIron Cloud
- MobileIron Core
- Samsung Knox Manage
- SOTI MobiControl
- VMware Workspace ONE UEM
- Knox Service Plugin
- Release notes
- Migrate to Android 11
- FAQs
- Troubleshoot
- KBAs
- Knox Mobile Enrollment
- Introduction
- How-to videos
- Get started
- Features
- Register resellers
- Add an admin
- Create profiles
- Google device owner support
- MDM compatibility matrices
- Device users
- Activity log
- Enroll and unenroll devices
- Configure devices
- Provide KME feedback
- Use the Knox Deployment App (KDA)
- Recover Google FRP locked devices using KME
- Role-based access control (RBAC)
- Release notes
- FAQs
- Troubleshoot
- KBAs
- On-Premise
- Knox Configure
- Mobile
- Wearables
- Shared Device
- KBAs
- Knox Capture
- Introduction
- How it works
- How-to videos
- IT admins: Get started
- Getting started with Knox Capture
- Step 1: Launch Knox Capture
- Step 2: Create a scanning profile
- Step 3: Select apps and activities
- Step 4: Configure the scanner
- Step 5: Set keystroke output rules
- Step 6: Test apps in your configuration
- Step 7: Share your configuration
- Step 8: Deploy Knox Capture in Managed mode
- End users: Get started
- Features
- Release notes
- FAQs
- Troubleshoot
- Knox Asset Intelligence
- Knox Manage
- Introduction
- How-to videos
- Get started
- Video: Getting started with Knox Manage
- Integration with Managed Service Provider
- Access Knox Manage
- Configure basic environments
- Create user accounts
- Create groups
- Create organization
- Set up devices and profiles
- Set up Knox Manage deployment with a Knox Suite license
- Manage Chromebooks
- Manage Android devices with the Android Management API
- Manage Shared iPads
- Configure
- Licenses
- Organization
- Users
- Sync user information
- Groups
- Devices
- Content
- Applications
- View applications
- Add applications
- Introduction
- Add internal Android and iOS applications
- Add internal Windows applications
- Add public applications using Google Play Store
- Add public applications using iOS App Store
- Add public applications using Managed Google Play
- Add public applications using Managed Google Play Private
- Add public applications using Managed Google Play Store Private Web
- Add public applications using Microsoft Store
- Add Chrome OS applications
- Assign applications
- Introduction
- Assign internal Android and iOS apps
- Assign iOS App Store applications
- Assign Google Play applications
- Assign Managed Google Play applications
- Assign Managed Google Play Private applications
- Assign Managed Google Play public web apps
- Assign Windows applications
- Assign Chrome OS applications
- Manage applications
- Volume Purchase Program for iOS
- Profile
- Knox E-FOTA
- Certificates
- Advanced settings
- Monitor
- Kiosk devices
- Knox Remote Support
- Active Directory
- Microsoft Exchange
- Mobile Admin
- Appendix
- Release notes
- Features
- FAQs
- KBAs
- Knox E-FOTA
- Introduction
- How-to videos
- Get started
- Features
- EMM integration
- Appendix
- Release notes
- FAQs
- KBAs
- Troubleshoot
- Knox E-FOTA On-Premises
- Legacy Knox E-FOTA products
- Knox Guard
- Introduction
- How-to video
- Get started
- Using Knox Guard
- Dashboard
- Manage devices
- Introduction
- Accept or reject devices
- Upload devices
- Delete devices
- Complete payment
- Send payment overdue notification
- Enable or disable SIM control
- Download devices as CSV
- View device log
- View device deletion log
- Start and stop blinking reminder
- Lock and unlock devices
- Update lock message
- Send relock timestamp
- Turn on/off relock reminder
- Manage policies
- Manage licenses
- Manage resellers
- Manage admins and roles
- Activity log
- Knox Deployment App
- Release notes
- FAQs
- KBAs
- Support
- Samsung Care+ for Business
- *FOR RESELLERS*
- Knox Deployment Program
- *FOR MANAGED SERVICE PROVIDERS*
- Knox MSP Program
Knox White Paper
The Knox Platform has successfully met the rigorous security requirements set by governments and major enterprises around the world, providing organizations with a trusted mobile security solution. The certifications acquired by the Knox Platform allow its mobile devices to be deployed in highly sensitive industries such as the military.
Samsung Knox continuously adds to its growing list of certifications for industries and agencies around the world. For more information on certifications and to review the latest list, see Knox certifications.
Unlike other mobile platforms, the Knox Platform is certified to have met the following countries' security
requirements.
| USA | UK | Germany | France | Spain | Finland | Netherlands | |||
|---|---|---|---|---|---|---|---|---|---|
| MDFPP | EUD | CPA | Endorsement | VS-NfD | CSPN | CCN | TRAFICOM | NCSA | |
| Samsung | ✔ | ✔ | ✔ | ✔ |
✔
|
✔ | ✔ | ✔ | ✔ |
Methodology
Certifications are granted by independent boards that use a specific set of hardware and software, for example, one certificate might be granted for the Galaxy S8 running Knox 3.0. These certifications must be renewed with each device and OS iteration to remain valid. Samsung remains dedicated to maintaining industry compliance and continues to grow and maintain our numerous certifications.
Security principles
Many of these certifications have a set of security principals that a device must uphold. Here are some examples of the security principles validated during certification.
- Data-in-transit protection — Does the device sufficiently protect data-in-transit?
Yes - achieved with Advanced VPNs, Certificate Management, and Common Criteria mode. - Data-at-rest protection — Does the device provide data that is encrypted by default? Is that data
encrypted when the device is locked?
Yes - achieved with Android Enterprise work profile and Sensitive Data Protection. - Authentication — Does the device provide secure authentication methods?
Yes - achieved with the Client Certificate Manager and user authentication methods that include biometrics. - Secure boot — Does the device have mechanisms to ensure the boot up process is free from
modification?
Yes - achieved with a hardware-backed Root of Trust and Trusted Boot. - Platform integrity — Does the device ensure the integrity of the platform? Can it query the
integrity of the platform?
Yes - achieved with the Real-Time Kernel Protection, Device Health Attestation, and Secure lockdown on tampering. - App sandboxing — Does the device provide app sandboxing?
Yes - achieved with the Android Enterprise work profile, Separated Apps, and SEAMS. - App blocking — Does the device allow apps to be added to an allowlist or a blocklist?
Yes - achieved with Advanced App Management. - Security policy enforcement — Does the device allow the enforcement of security policies? Can they
take precedence over user activities?
Yes - achieved with a full complement of EMM policies built on a Knox SDK offering over 1500 APIs. - External interface protection — Does the device allow control over external peripherals such as
Bluetooth, USB, and NFC?
Yes - achieved with Granular Device Management. - Device update policy — Can the device provide deliberate OS updates that match an organizations
evolving needs?
Yes - achieved with Device Software Update Management. - Event collection for enterprise analysis — Does the device allow the collection, and subsequent
audit, of business data?
Yes - achieved with Audit Logs. - Incident response — Can the device be managed if it is lost, stolen or damaged?
Yes - achieved with custom lockscreen info, remote data wipe, auto-wipe after a number of unsuccessful log-in attempts, and remote factory reset.
What does this mean to you? You can rest easy knowing that Samsung Knox's holistic security platform is compliant with the highest security requirements and standards. Samsung Knox devices are built from the ground up to secure your organization's apps and data, providing robust integration with existing IT infrastructure and ensuring there are no functional or security gaps in your deployment.
