The Common Criteria Evaluation is part of the Australasian Information Security Evaluation Program (AISEP). The devices are the Galaxy S III, Samsung Galaxy Note II and Samsung Galaxy Note 10.1 (software version 4.1.1).
Samsung has engaged BAE Systems Detica to perform an evaluation of these devices, which is expected to take four to six months. Government departments in Australia and New Zealand can then consider using these Samsung devices to transmit unclassified information in line with the Australian Government Information Security Manual.
“We are very pleased to have our products under evaluation by DSD,” said Andre Obradovic, Director for Enterprise and SMB, Samsung Electronics Australia.
“We see this as a way to provide a wider range of choice for our government customers and look forward to bringing the same user experience to our important government customers as we do for our enterprise customers.
“DSD certification requires a rigorous testing process and demands the strictest levels of security standards. Being accepted into the DSD evaluation is another step towards confirming Samsung products as highly secure devices that governments and enterprises across Australia can rely on for their mobility needs,” Obradovic said.
As part of the evaluation BAE Systems Detica will perform a detailed examination of the products based on the Security Target, which is the agreed scope of work for the testing. The design, guidance and Samsung testing will also be assessed. The final component of a Common Criteria evaluation is a vulnerability assessment and penetration test to confirm that the products have no exploitable vulnerabilities in the intended environment.
“BAE Systems Detica was selected by Samsung for its extensive experience, approach and reputation,” said Richard Watson, Managing Director of BAE Systems Detica in the region. “It was a complex process to have the devices accepted for testing, so it’s great to get the evaluation underway for Samsung.”
The Detica lab has been licensed by the DSD to provide Common Criteria evaluations under the Australasian scheme, and by Cybersecurity Malaysia to provide evaluations under the Malaysian scheme. It has finished over 50 Common Criteria Evaluations across Asia Pacific. The BAE Systems Detica lab is the only commercial accredited forensic lab in Australia. The lab team consists of 20 highly technical and experienced consultants performing the evaluation tasks.
Common Criteria provides assurance that the process of specification, implementation and evaluation of a computer security product has been conducted in a rigorous, standard and repeatable manner at a level that is commensurate with a target environment for use.
A Common Criteria Evaluation is a widely accepted method available to governments around the world to confirm the trustworthiness of a product’s security features.
The results of an evaluation in Australia are recognised by the 26 participating Common Criteria Recognition Arrangement (CCRA) members. There are 14 other Certificate Authorising Members including Canada, UK, US, France, Spain, Japan and Malaysia.
The news comes just a week after the US Department of Defense said it has accepted Samsung and Apple mobile devices for use, provided they are supplied by the military rather than individual servicemen and women.