Knox White Paper
Knox Certifications
The Knox Platform has successfully met the rigorous security requirements set by governments and major enterprises around the world, providing organizations with a trusted mobile security solution. The certifications acquired by the Knox Platform allow its mobile devices to be deployed in highly sensitive industries such as the military.
Samsung Knox continuously adds to its growing list of certifications for industries and agencies around the world. For more information on certifications and to review the latest list, see Knox certifications.
Unlike other mobile platforms, the Knox Platform is certified to have met the following countries' security
requirements.
| USA | UK | Germany | France | Spain | Finland | Netherlands | |||
|---|---|---|---|---|---|---|---|---|---|
| MDFPP | EUD | CPA | Endorsement | VS-NfD | CSPN | CCN | TRAFICOM | NCSA | |
| Samsung | ✔ | ✔ | ✔ | ✔ |
✔
|
✔ | ✔ | ✔ | ✔ |
Methodology
Methodology
Certifications are granted by independent boards that use a specific set of hardware and software, for example, one certificate might be granted for the Galaxy S8 running Knox 3.0. These certifications must be renewed with each device and OS iteration to remain valid. Samsung remains dedicated to maintaining industry compliance and continues to grow and maintain our numerous certifications.
Security principles
Security principles
Many of these certifications have a set of security principals that a device must uphold. Here are some examples of the security principles validated during certification.
- Data-in-transit protection — Does the device sufficiently protect data-in-transit?
Yes - achieved with Advanced VPNs, Certificate Management, and Common Criteria mode. - Data-at-rest protection — Does the device provide data that is encrypted by default? Is that data
encrypted when the device is locked?
Yes - achieved with Android Enterprise work profile and Sensitive Data Protection. - Authentication — Does the device provide secure authentication methods?
Yes - achieved with the Client Certificate Manager and user authentication methods that include biometrics. - Secure boot — Does the device have mechanisms to ensure the boot up process is free from
modification?
Yes - achieved with a hardware-backed Root of Trust and Trusted Boot. - Platform integrity — Does the device ensure the integrity of the platform? Can it query the
integrity of the platform?
Yes - achieved with the Real-Time Kernel Protection, Device Health Attestation, and Secure lockdown on tampering. - App sandboxing — Does the device provide app sandboxing?
Yes - achieved with through Android Enterprise work profile and SEAMS. - App Whitelisting — Does the device allow app whitelisting and blacklisting?
Yes - achieved with Advanced App Management. - Security policy enforcement — Does the device allow the enforcement of security policies? Can they
take precedence over user activities?
Yes - achieved with a full complement of EMM policies built on a Knox SDK offering over 1500 APIs. - External interface protection — Does the device allow control over external peripherals such as
Bluetooth, USB, and NFC?
Yes - achieved with Granular Device Management. - Device Update Policy — Can the device provide deliberate OS updates that match an organizations
evolving needs?
Yes - achieved with Device Software Update Management. - Event collection for enterprise analysis — Does the device allow the collection, and subsequent
audit, of business data?
Yes - achieved with Audit Logs. - Incident Response — Can the device be managed if it is lost, stolen or damaged?
Yes - achieved with custom lockscreen info, remote data wipe, auto-wipe after a number of unsuccessful log-in attempts, and remote factory reset.
What does this mean to you? You can rest easy knowing that Samsung Knox's holistic security platform is compliant with the highest security requirements and standards. Samsung Knox devices are built from the ground up to secure your organization's apps and data, providing robust integration with existing IT infrastructure and ensuring there are no functional or security gaps in your deployment.
