Knox Deep Dive: Common Criteria Mode

What is CC mode?

Knox supports advanced device configurations tailored to the defense industry. A single Knox setting can apply many of the configurations needed to put the device into a compliant state.

Thus, KPE extends AE’s device controls by exposing this setting, called the Government-Grade Common Criteria Mode or CC Mode. This setting helps simplify the task of correctly configuring a device for deployments that must meet defense-grade security requirements. The Common Criteria for Information Technology Security Evaluation, commonly referred to as Common Criteria, is an internationally-recognized standard for defining security objectives of information technology products and for evaluating vendor compliance with these objectives. A number of governments use Common Criteria as the basis for their own certification schemes.

A wide range of Samsung Galaxy devices have received Common Criteria (CC) certification. The current CC certification targets the new Mobile Device Fundamentals Protection Profile (MDFPP) of the National Information Assurance Partnership (NIAP), which addresses the security requirements of mobile devices for use in enterprise. Samsung Knox is approved by the United States government as the first NIAP-validated mobile devices to handle the full range of classified information.

What can CC mode do?

An IT admin can enable the device to be placed into the Common Criteria configuration. When enabled, the device:

Blocks bootloader download mode, the manual method for software updates
Mandates additional key zeroization on key deletion
Prevents non-authenticated Bluetooth connections
Requires that FOTA updates have a 2048-bit RSA-PSS signature
Uses many other security settings

While other optional configuration steps are still recommended on top of Common Criteria Mode, the value is clear: simplifying the correct configuration of endpoints for high-security deployments saves time and prevents mistakes that can lead to misconfigurations and added security risks.

More information

Refer to the following Knowledge Base Articles for details about:

Next steps

To learn more about:

The advantages offered by Samsung Knox devices over non-Samsung devices, see the KPE Feature Comparison Table.
Other KPE features, see the Knox White Paper.
Other Knox solutions, see the Knox IT Solutions.

Suscribirse al boletín de Knox

Regístrese para obtener las noticias más recientes de Samsung Knox

Algo salió mal, vuelva a intentarlo.

¡Gracias por suscribirse!

Samsung uses the email you provide to us to send email communications about Knox content, product launches, and services.
Puede cancelar su suscripción en cualquier momento haciendo clic en el enlace de cancelación en el correo electrónico.
Check our Privacy Policy to see how we manage your data.