Décembre 14, 2020

German government security approvals for solutions with Samsung Galaxy devices

Samsung Knox Team

One of the most important things we focus on at Samsung is security. This is true for all our devices and solutions, and it’s especially true for our government, military, and other public sector customers and partners.

Public institutions have a very pressing need for top-tier security to protect sensitive information and to avoid unauthorized access to systems, so we have set up a variety of processes to ensure that we are complying with all guidelines.

Additional challenges for public institutions are the digital transformation of work processes, the necessity to increase efficiency, and to constantly innovate – but at the same time decrease cost. Mobile devices have become a personal information hub with support for messaging, voice and video calls, but also a business tool with calendar, address books, and information access and exchange in general. So, commercial off-the-shelf devices can deliver all the necessary tools at a high innovation rate and competitive prices – but can they meet stringent security requirements?

In Germany, the BSI (Bundesamt für Sicherheit in der Informationstechnik, Federal Office for Information Security) is the public authority that defines security requirements and leads the approval process of devices and solutions for restricted government use cases. The approval most relevant for Samsung Mobile is the one for secure mobile communication solutions for classified information of the "VS-NfD" (classified material, for official use only) restriction level. Only solutions with BSI approval are allowed to be used in the VS-NfD context. While the BSI approval is an essential step, some agencies might require their own approval in addition before a solution can be used by them.

The BSI approval is not for mobile devices alone, but comprises a whole solution including the device, applications, servers, VPN, and device management. While Samsung devices, the Knox Platform for Enterprise, and most Knox solutions are under Samsung control, everything else in scope of the approval is provided by the solution partner or third parties. Our partners build their products utilizing Samsung Knox security features, and enter the approval process with the whole solution.

The BSI approval process for a solution can only be initiated by a government customer that wants to use it. Besides the BSI, the process involves the solution partner, an accredited test lab, third parties, and Samsung as device manufacturer.

Product security properties and features must be accurately documented in a formal way, and the documentation as well as the solution itself is evaluated by the security test lab. Evaluations are conducted to determine if the device meets all the requirements needed to protect against unauthorized access to sensitive information and for the integrity of the solution overall.

The most commonly evaluated modules that we see include cryptographic modules, Data-At-Rest (DAR) protection, Data-In-Transit (DIT) protection, device firmware update mechanisms, device restriction policies, kernel and system protection mechanisms, and secure boot mechanisms.

Further details of the BSI approval process are documented on their web site.

Samsung Galaxy devices are currently approved in a solution provided by our solution partner Secusmart, the SecuSUITE for Samsung Knox – with more to follow. It is referenced on BSI's web site on mobile communication solutions, and listed in their catalogue of approved products.

This allows many government agencies in Germany to deploy solutions using Samsung smartphones and tablets with security assurances to be utilized for a wide range of day-to-day and mission critical activities, for transfer and handling of information up to the secrecy level "VS-NfD".

When German government agencies consider the deployment of highly secure ultra-mobile communication solutions, they often opt for SecuSUITE for Samsung Knox (SS4SK), as one of the most comprehensive offerings in the VS-NfD-approved space.

For SecuSUITE for Samsung Knox, Secusmart has partnered with Samsung Electronics Co., Ltd. It allows government employees to exchange classified information with their colleagues, be it via an end-to-end crystal-clear encrypted phone call, or a presentation, edited on the mobile device, and sent via email across the solutions’ SecuCONNECT vpn link through the governments’ own data center. Employees are also enabled to access authority-specific IT-systems via dedicated secure apps or the SecuFOX browser.

Optional personal apps, strictly separated from the secure space, can be downloaded from the Google Play Store by the user.

As working from home and remote work become the new normal, Samsung DeX, in combination with virtual desktop infrastructure, turns a SecuSUITE for Samsung Knox device into the flexible, pocket-sized, yet full-featured mobile workstation for classified data.

SS4SK integrates with market-leading MDM/MAM solutions. It also utilizes Samsung key services such as Knox Mobile Enrollment and Knox Configure to support large scale deployments.

When the goal of approval for a specific product version is achieved, the work is not over: the approval for new versions of the partner's application and new Samsung devices needs to be prepared so that new devices can be used for "VS-NfD" soon after their market release.

Samsung's work to achieve government security approvals underlines our efforts to maintain and enhance Knox security features. Another long-term project that Samsung has undertaken since 2016 together with BSI and partners is the initiative to bring Germany’s National electronic ID onto selected Samsung Galaxy smartphones. A key device feature to support the eID is a tamper-resistant embedded Secure Element (eSE) inside the smartphone. The eSE serves as security anchor for the eID and its cryptographic keys. Its security properties have been certified according to the international Common Criteria standard.

Existing global and national approvals, certifications, and related documents for Samsung Knox can be found on our Knox certifications and guidance page.

Get in touch with Secusmart at www.secusmart.com

Secusmart GmbH
Heinrichstraße 155
40239 Düsseldorf
sales@secusmart.de

Or contact your local Samsung team using the contact form below.

[Icon] fermer

Lancez-vous avec Samsung Knox

[Icon] valise
Êtes-vous un revendeur, un fournisseur de solutions ou un fournisseur de services ?

Devenez un partenaire Knox et développez votre entreprise aujourd'hui.

[Icon] infos

Pour commencer, sélectionnez un produit Knox :

Pack tout-en-un
Knox Suite
Rebranding et personnalisation
Knox Configure
Protection contre la fraude et le vol
Knox Guard
Programme de protection des appareils
Samsung Care+ for Business
Autres produits et services

Démarrez avec

[Image] Knox Suite

Pack de solutions tout-en-un pour la mobilité des entreprises.

  • Obtenez un essai gratuit de 90 jours pour jusqu'à 30 appareils.
  • Un ensemble complet d'outils pour sécuriser, déployer, gérer et analyser les appareils de votre entreprise.
  • Essayez des fonctionnalités puissantes réunies dans Knox Suite.

Knox Suite inclut:

Knox Mobile Enrollment Gratuite
Knox Manage
Knox E-FOTA
Knox Asset Intelligence
Knox Platform for Enterprise Gratuite
Assistance à distance Knox
Knox Capture
Knox Authentication Manager

Démarrez avec

[Image] Logo Knox Configure

Donnez une nouvelle image à vos appareils Samsung et personnalisez-les.

  • Obtenez un essai gratuit de 90 jours pour jusqu'à 30 appareils.
  • Configurez à distance tous vos appareils Samsung et personnalisez-les immédiatement pour répondre au mieux à vos besoins spécifiques
  • Configurez vos appareils pour un déploiement unique, ou mettez-les à jour autant que vous le souhaitez.

Démarrez avec

[Icon] Logo Knox Guard

Protection contre la fraude et le vol pour les appareils Samsung.

  • Obtenez un essai gratuit de 90 jours pour jusqu'à 30 appareils.
  • Réduisez les risques financiers et protégez vos actifs en contrôlant vos appareils Samsung à distance.
  • Testez toutes les fonctionnalités de Knox Guard, y compris le contrôle de carte SIM et le verrouillage des appareils.

Démarrez avec

[Image] Logo Samsung Care Plus For Business

Programmes de protection de vos appareils Samsung.

  • Limitez les interruptions des activités de l'entreprise avec des réparations et des remplacements rapides des appareils. Contactez l'équipe commerciale Samsung pour vous lancer.
  • Visualisez la couverture de tous vos appareils et demandez des informations, le tout via une plate-forme unique.
  • Vous avez acheté Samsung Care+ for Business ? Créez un compte et activez votre forfait sur la console Samsung Care+ for Business.

Autres produits et services

[Image] Logo autres

Des solutions modernes pour répondre à vos besoins uniques.

  • Bénéficiez d'une assistance technique efficace grâce à un gestionnaire de compte dédié avec Enterprise Tech Support.
  • Créez des appareils sur mesure pour votre entreprise grâce à Samsung Software Customization Services.
CONTACTER LE SERVICE COMMERCIAL