- Basics
- About Knox
- Knox licenses
- Knox white paper
- Sign up for Samsung Knox
- Latest release notes
- General Knox FAQ
- General Knox KBAs
- Submit a support ticket
- User Acceptance Testing
- For IT admins
- Knox Admin Portal
- Knox Suite
- Knox Platform for Enterprise
- Introduction
- How-to videos
- Before you begin
- Get started with UEMs
- Introduction
- Blackberry UEM
- Citrix Endpoint Management
- FAMOC
- IBM MaaS360
- Microsoft Intune
- MobileIron Cloud
- MobileIron Core
- Samsung Knox Manage
- SOTI MobiControl
- VMware Workspace ONE UEM
- Knox Service Plugin
- Release notes
- Migrate to Android 11
- FAQs
- Troubleshoot
- KBAs
- Knox Mobile Enrollment
- Knox Configure
- Mobile
- Wearables
- Shared Device
- FAQ
- KBAs
- Knox Capture
- Introduction
- How it works
- How-to videos
- IT admins: Get started
- Getting started with Knox Capture
- Step 1: Launch Knox Capture
- Step 2: Create a scanning profile
- Step 3: Select apps and activities
- Step 4: Configure the scanner
- Step 5: Set keystroke output rules
- Step 6: Test apps in your configuration
- Step 7: Share your configuration
- Step 8: Deploy Knox Capture in Managed mode
- End users: Get started
- Features
- Release notes
- FAQ
- KBAs
- Troubleshoot
- Knox Asset Intelligence
- Knox Manage
- Introduction
- How-to videos
- Get started
- Video: Getting started with Knox Manage
- Integration with Managed Service Provider
- Access Knox Manage
- Configure basic environments
- Create user accounts
- Create groups
- Create organization
- Set up devices and profiles
- Create a new profile
- Assign profiles to groups and organizations
- Enroll devices
- Shared Android device quickstart
- Non-shared Android device enrollment quickstart
- Android Management API device enrollment quickstart
- Apple User Enrollment quickstart
- View device information
- Apply profiles to organizations
- Set up Knox Manage deployment with a Knox Suite license
- Manage Chromebooks
- Manage Android devices with the Android Management API
- Manage Shared iPads
- Configure
- Licenses
- Organization
- Users
- Sync user information
- Groups
- Devices
- Content
- Applications
- Profile
- Knox E-FOTA
- Certificates
- Advanced settings
- Monitor
- Kiosk devices
- Knox Remote Support
- Active Directory
- Microsoft Exchange
- Mobile Admin
- Appendix
- Release notes
- Features
- FAQ
- KBAs
- Knox E-FOTA
- Introduction
- How-to videos
- Get started
- Features
- EMM integration
- Appendix
- Release notes
- FAQ
- KBAs
- Troubleshoot
- Knox E-FOTA On-Premises
- Legacy Knox E-FOTA products
- Knox Guard
- Introduction
- How-to video
- Get started
- Using Knox Guard
- Dashboard
- Manage devices
- Device management
- Accept or reject devices
- Upload devices
- Delete devices
- Complete device management
- Send notifications
- Enable or disable SIM control
- Download devices as CSV
- View device log
- View device deletion log
- Start and stop blinking reminder
- Lock and unlock devices
- Update lock message
- Send relock timestamp
- Turn on/off relock reminder
- Manage policies
- Manage licenses
- Manage resellers
- Manage admins and roles
- Activity log
- Knox Deployment App
- Release notes
- FAQ
- KBAs
- Support
- Open API reference
- Samsung Care+ for Business
- For Knox Partners
- Knox Deployment Program
- Knox MSP Program
Knox White Paper
The Knox Platform has successfully met the rigorous security requirements set by governments and major enterprises around the world, providing organizations with a trusted mobile security solution. The certifications acquired by the Knox Platform allow its mobile devices to be deployed in highly sensitive industries such as the military.
Samsung Knox continuously adds to its growing list of certifications for industries and agencies around the world. For more information on certifications and to review the latest list, see Knox certifications.
Unlike other mobile platforms, the Knox Platform is certified to have met the following countries' security
requirements.
| USA | UK | Germany | France | Spain | Finland | Netherlands | |||
|---|---|---|---|---|---|---|---|---|---|
| MDFPP | EUD | CPA | Endorsement | VS-NfD | CSPN | CCN | TRAFICOM | NCSA | |
| Samsung | ✔ | ✔ | ✔ | ✔ |
✔
|
✔ | ✔ | ✔ | ✔ |
Methodology
Certifications are granted by independent boards that use a specific set of hardware and software, for example, one certificate might be granted for the Galaxy S8 running Knox 3.0. These certifications must be renewed with each device and OS iteration to remain valid. Samsung remains dedicated to maintaining industry compliance and continues to grow and maintain our numerous certifications.
Security principles
Many of these certifications have a set of security principals that a device must uphold. Here are some examples of the security principles validated during certification.
- Data-in-transit protection — Does the device sufficiently protect data-in-transit?
Yes - achieved with Advanced VPNs, Certificate Management, and Common Criteria mode. - Data-at-rest protection — Does the device provide data that is encrypted by default? Is that data
encrypted when the device is locked?
Yes - achieved with Android Enterprise work profile and Sensitive Data Protection. - Authentication — Does the device provide secure authentication methods?
Yes - achieved with the Client Certificate Manager and user authentication methods that include biometrics. - Secure boot — Does the device have mechanisms to ensure the boot up process is free from
modification?
Yes - achieved with a hardware-backed Root of Trust and Trusted Boot. - Platform integrity — Does the device ensure the integrity of the platform? Can it query the
integrity of the platform?
Yes - achieved with the Real-Time Kernel Protection, Device Health Attestation, and Secure lockdown on tampering. - App sandboxing — Does the device provide app sandboxing?
Yes - achieved with the Android Enterprise work profile, Separated Apps, and SEAMS. - App blocking — Does the device allow apps to be added to an allowlist or a blocklist?
Yes - achieved with Advanced App Management. - Security policy enforcement — Does the device allow the enforcement of security policies? Can they
take precedence over user activities?
Yes - achieved with a full complement of EMM policies built on a Knox SDK offering over 1500 APIs. - External interface protection — Does the device allow control over external peripherals such as
Bluetooth, USB, and NFC?
Yes - achieved with Granular Device Management. - Device update policy — Can the device provide deliberate OS updates that match an organizations
evolving needs?
Yes - achieved with Device Software Update Management. - Event collection for enterprise analysis — Does the device allow the collection, and subsequent
audit, of business data?
Yes - achieved with Audit Logs. - Incident response — Can the device be managed if it is lost, stolen or damaged?
Yes - achieved with custom lockscreen info, remote data wipe, auto-wipe after a number of unsuccessful log-in attempts, and remote factory reset.
What does this mean to you? You can rest easy knowing that Samsung Knox's holistic security platform is compliant with the highest security requirements and standards. Samsung Knox devices are built from the ground up to secure your organization's apps and data, providing robust integration with existing IT infrastructure and ensuring there are no functional or security gaps in your deployment.
