Knox Deep Dive: Common Criteria Mode

Josh Fernandez
June 10, 2019

 

What is CC mode?

Knox supports advanced device configurations tailored to the defense industry. A single Knox setting can apply many of the configurations needed to put the device into a compliant state.

Thus, KPE extends AE’s device controls by exposing this setting, called the Government-Grade Common Criteria Mode or CC Mode. This setting helps simplify the task of correctly configuring a device for deployments that must meet defense-grade security requirements. The Common Criteria for Information Technology Security Evaluation, commonly referred to as Common Criteria, is an internationally-recognized standard for defining security objectives of information technology products and for evaluating vendor compliance with these objectives. A number of governments use Common Criteria as the basis for their own certification schemes.

A wide range of Samsung Galaxy devices have received Common Criteria (CC) certification. The current CC certification targets the new Mobile Device Fundamentals Protection Profile (MDFPP) of the National Information Assurance Partnership (NIAP), which addresses the security requirements of mobile devices for use in enterprise. Samsung Knox is approved by the United States government as the first NIAP-validated mobile devices to handle the full range of classified information.

 

What can CC mode do?

An IT admin can enable the device to be placed into the Common Criteria configuration. When enabled, the device:

  • Blocks bootloader download mode, the manual method for software updates
  • Mandates additional key zeroization on key deletion
  • Prevents non-authenticated Bluetooth connections
  • Requires that FOTA updates have a 2048-bit RSA-PSS signature
  • Uses many other security settings

While other optional configuration steps are still recommended on top of Common Criteria Mode, the value is clear: simplifying the correct configuration of endpoints for high-security deployments saves time and prevents mistakes that can lead to misconfigurations and added security risks.

 

More information

Refer to the following Knowledge Base Articles for details about:

 

Next steps

To learn more about:

Contact a business sales expert

Our Knox sales team is ready to collaborate with you to address your biggest business challenges. Please provide your contact details to get started with a free trial or discuss a project with our sales team.