Samsung has submitted three of its mobile devices to the Australian Signals Directorate in an attempt to have them accepted for use in the workplace by government officials.
The security posture of the Samsung Galaxy SIII, Samsung Galaxy Note II and Samsung Galaxy Note 10.1 is to be audited against EAL2 standards by third-party assessor BAE Systems Detica.
BAE has been licensed by the Australian Signals Directorate (formerly known as the DSD or Defence Signals Directorate) to provide Common Criteria evaluations for technology products.
If the devices are approved, Australian Government officials will be permitted to transmit and store information of 'unclassified' status using these devices.
A spokesperson for Defence told iTnews this was “the first time an Android device will undergo this kind of evaluation on behalf of ASD.”
Andre Obradovic, director for enterprise and SMB at Samsung Electronics Australia, said late last year the company was approached by enterprise and several government customers asking about DSD certification of its devices, spurring an investment in the certification process.
He confirmed the cost of the audit was charged to Samsung.
"We have worked for several months with Detica and DSD to progress to the point of starting the evaluation and we are happy with the progress made so far to place us under evaluation," he said.
The audit for the Samsung Android devices is not expected to be completed before the end of the year.
Which mobile device for which data?
The varying levels of certification across the mobile ecosystem reveal few choices for government officials working with information more sensitive than 'unclassified'.
According to the Directorate's Evaluated Products List, government officials can use BlackBerry Enterprise Server (BES) for data that is 'unclassified', 'in-confidence', 'restricted' and 'protected' in status, provided the agency follows a strict set of best practices and uses approved devices.
RIM recently submitted the new BlackBerry 10 operating system for further consideration, a process which should be completed by the third calendar quarter of this year.
Apple iOS devices, by contrast, have been certified as secure enough only for the storage of 'protected' and 'unclassified' data.
Good Technologies has submitted a cryptographic evaluation for its Good for Enterprise (GFE) mobile device management solution, which in time could lead to an easier path for a wider variety of devices to be approved for government use.
GFE has passed the ASD's cryptographic evaluation under a set of strict conditions. These conditions require a device running Apple iOS 5.1 or higher, configured in accordance with ASD’s iOS Hardening Configuration guide.
The ASD's guide for using the GFE suite states that users of Good’s on-premise solution can transmit and store data up to 'protected' level, while its cloud-based solution can only store and transmit data up to the 'unclassified' level.
A Common Criteria evaluation of GFE is yet to be completed.
At present, no devices running the Microsoft Windows Phone OS are ASD certified.
Microsoft had successfully achieved Common Criteria certification and ASD Cryptographic Evaluation for its Windows Mobile OS several years ago, but no devices that use the OS were approved before it was replaced with the Windows Phone operating system.