Common Criteria (CC) Mode

Common Criteria is an international standard for defining security requirements for IT products and for assessing vendor compliance with these requirements.
The current CC certification targets the new Mobile Device Fundamentals Protection Profile (MDFPP) of the National Information Assurance Partnership (NIAP), which addresses the security requirements of mobile devices for use in business. Samsung Knox devices are approved by the United States government as the first NIAP-validated consumer mobile devices to handle the full range of classified information.
An administrator can place the device into the Common Criteria configuration. When it is enabled, the bootloader blocks KIES download mode, enforces an integrity check of the kernel, and self-tests the crypto modules. In addition, the device verifies an additional RSA-PSS signature on FOTA updates and enforces the use of a FIPS 140-2 validated crypto module for EAP-TLS Wi-Fi connections.
To fully enable the Common Criteria-evaluated configuration, the following prerequisites should be satisfied:
- Storage Encryption should be enabled on the Device Passcode profile. This means full encryption of the device; the Fast Encryption option will not work.
- SD Card Encryption should be enabled.
- Maximum Number of Failed Attempts should be configured to a value of 10 or fewer on the Device Passcode profile.
- Passcode History must be set to zero on the Device Passcode profile.
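
One way to check a device profile against these four prerequisites before enabling CC Mode, as an added example (not Samsung's or any MDM vendor's code). The dictionary layout and key names are hypothetical, as is the assumption that a missing or non-positive failed-attempts value means no limit is set.

```python
# Added example: audit a profile export against the four CC Mode prerequisites.
# All key names are hypothetical; map them to your MDM's actual export fields.

def audit_cc_prerequisites(profile):
    """Return a list of findings; an empty list means every prerequisite is met."""
    findings = []
    passcode = profile.get("device_passcode", {})

    # Prerequisite 1: full storage encryption; Fast Encryption does not qualify.
    if passcode.get("storage_encryption") is not True:
        findings.append("Storage Encryption is not enabled")
    elif passcode.get("fast_encryption") is True:
        findings.append("Fast Encryption is selected; full encryption is required")

    # Prerequisite 2: SD card encryption.
    if profile.get("sd_card_encryption") is not True:
        findings.append("SD Card Encryption is not enabled")

    # Prerequisite 3: 10 or fewer failed attempts. Assumption: a missing,
    # non-integer or non-positive value means no limit is configured.
    attempts = passcode.get("max_failed_attempts")
    if isinstance(attempts, bool) or not isinstance(attempts, int) or attempts < 1:
        findings.append("Maximum Number of Failed Attempts is not configured")
    elif attempts > 10:
        findings.append(f"Maximum Number of Failed Attempts is {attempts}; must be 10 or fewer")

    # Prerequisite 4: passcode history must be zero. A missing key is reported
    # too, because the profile default is unknown.
    history = passcode.get("passcode_history")
    if isinstance(history, bool) or history != 0:
        findings.append(f"Passcode History is {history!r}; must be 0")

    return findings


# Constructed sample profiles (not real exports).
NONCOMPLIANT = {
    "device_passcode": {"storage_encryption": True, "fast_encryption": True,
                        "max_failed_attempts": 15, "passcode_history": 5},
    "sd_card_encryption": False,
}
COMPLIANT = {
    "device_passcode": {"storage_encryption": True, "fast_encryption": False,
                        "max_failed_attempts": 10, "passcode_history": 0},
    "sd_card_encryption": True,
}

if __name__ == "__main__":
    for name, prof in (("noncompliant", NONCOMPLIANT), ("compliant", COMPLIANT)):
        print(name, audit_cc_prerequisites(prof) or "all prerequisites met")
```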