The Australian Signals Directorate (ASD) gave Samsung detailed technical advice during a three-year evaluation process that resulted in the Galaxy S9 and S9+ being certified for use with classified government data.
Samsung's Galaxy S9 and S9+ are the first Android-based smartphones certified by ASD for use with data classified at the PROTECTED level. Samsung announced earlier this month that the devices’ certification had been accepted.
The certified devices include Samsung's security platform Knox and meet the requirements to host protected information when used with the security configuration guidance published on the website of the Australian Cyber Security Centre (ACSC), which is led by the ASD.
According to Samsung Electronics Australia, the devices were evaluated under the ASD Cryptographic Evaluation (ACE) program, which tested the strength and effectiveness of the security architecture and cryptographic algorithms.
The ACE was conducted over three product versions the S7, S8 and S9 smartphones and during this time Samsung, where possible, implemented security recommendations, according to the ASD.
The evaluation also assessed the implementation of IPsec, secure encryption key generation and secure certificate generation.
“The decision balances government and Defence employees’ high demand for access to Android Operating system smartphones, and the critical need to protect sensitive data,” an ASD spokesperson told Computerworld.
The ASD said that during its three-year evaluation process Samsung had made a number of required security changes.
“As a result of this evaluation, ASD is satisfied that the smartphones are suitable to be used at the PROTECTED classification level when configured in the accordance with ASD’s configuration guide,” the spokesperson explained.
The ASD said that the decision would give government and Defence smartphone users greater choice and flexibility, and promotes competition between vendors for the benefit of all Australians.
“From a hardware and software level, security is embedded into our devices and is a core pillar for how we ensure that our customers can operate our smartphones with confidence and with the option to scale their security protocols based on the needs of their workplace,” said Garry McGregor, vice president of IT and mobile at Samsung Electronics Australia.
“Samsung is committed to working with Australian organisations to ensure that our devices can provide the best possible levels of functionality as well as security.” he added.
Apple devices using iOS 12, including iPod Touch, iPhone and iPad, are also certified for use with PROTECTED data. The certification was accepted in 2016.