Mobile technology is evolving at breakneck speed, and security challenges are expanding just as quickly. Mobile devices enable continuous communication, alerting, navigation and data sharing, providing officers real-time situational awareness.
However, cyberthreats like malware, spyware, data theft and denial of service can hinder law enforcement’s core functions. The explosive growth of mobile device use among police forces nationwide shows that to many agencies, the benefits far outweigh the risks.1
The FBI’s Criminal Justice Information Services (CJIS) standards are designed to mitigate these risks, but many departments face the usual challenges of limited budgets and entrenched IT infrastructures, which strains efforts to comply with the policy. These factors are compounded by the need for effective policing in a world where instant access to information is a given.
Despite this challenge, agencies of all sizes should be able to take advantage of the flexibility and capability of mobile solutions while remaining CJIS-compliant. Samsung has long recognized the importance of helping enterprise customers manage security risks and maintain visibility and control across their entire device fleet. Our public safety solutions include the built-in protection of Samsung Knox at the device level and the full cloud-based security and management capabilities of Knox Suite, an all-in-one solution designed to manage and secure enterprise devices. Knox Suite is designed to support IT departments of all sizes and can work with your existing Enterprise Mobility Management (EMM) or Unified Endpoint Management (UEM) platform. It can also serve as a complete solution with Knox Manage, a full-featured EMM included as part of Knox Suite.2
Here are eight essential elements of a secure, CJIS-ready mobile solution that can be effectively managed and maintained by departments and agencies of all sizes:
1. Simplify your IT infrastructure
Mobile devices have proven themselves to be important tools in the field, helping officers streamline day-to-day activities, improve communications, maintain situational awareness and increase safety. With the evolution of smartphone capabilities, the increasing availability of mobile-friendly policing software and applications and the growing adoption of Samsung DeX, some agencies are working toward a mobile-first approach to the IT infrastructure that supports officers. This reduces the need for MDTs, laptops and PCs. Officers can use their Galaxy smartphones for communication, note-taking and on-scene photos and video. They can then dock that same device in their vehicles and use Samsung DeX with a full keyboard and monitor to continue working in a PC-like environment.
Back at the station, Samsung DeX allows them to continue working seamlessly by docking their phone into a desktop monitor and keyboard. This mobile-first approach means officers no longer need to log into multiple, siloed systems and devices to share critical information — and IT departments have fewer devices to manage and secure.
2. Start before the device is even powered on
Security protection should start at the hardware level and be in place before mobile devices are even taken out of the box. Samsung Knox is built into every Galaxy smartphone and tablet and includes a hardware-backed Root of Trust and Verified Boot using ARM TrustZone. These features ensure the operating system (OS) hasn’t been tampered with before full startup, satisfying CJIS requirements for device integrity verification.
Knox employs five layers of security at the silicon level, including Knox Vault, TIMA and Secure Boot. This provides overlapping defenses against low-level and software attacks on Criminal Justice Information (CJI).
3. Protect data at rest
CJIS standards require data at rest (data stored outside of a physically secured environment) to be encrypted. With the built-in protection of Knox, current Galaxy platforms include FIPS 140-2/140-3 validated crypto modules and Android File-Based Encryption (FBE) to keep data secure.3
Knox takes protecting data at rest even further, isolating CJI in a hardware-hardened container that requires separate authentication. This device-level technology controls data sharing and aligns with CJIS “data at rest” guidelines for protecting sensitive files.
4. Plan for lost or stolen devices
By their very nature, mobile devices can more easily be lost or stolen. But with the right combination of data-at-rest protection and centralized management, this risk can be effectively mitigated.
While Knox protects data stored on the device with advanced encryption, Knox Suite can also automatically wipe a device or its secure container if it detects unauthorized root/jailbreak attempts or too many failed logins. Admins can remotely locate, lock, reboot or wipe devices to prevent data breaches.
5. Centralize policy enforcement
Through Knox Suite’s consolidated cloud console, agencies can define and enforce CJIS-specific policies, including password complexity, screen-lock timeouts and camera and USB restrictions. IT admins can then automatically push these standards uniformly to all enrolled devices for continuous compliance. Your team maintains centralized control over critical security-impacting device management policies, allowing you to:
- Control your applications: Remotely configure app settings, perform seamless updates and get insight into how apps are being used. Knox can remotely block unapproved or malicious software from accessing or transmitting CJI. This ensures only vetted applications can run on devices.
- Manage your patches: Threats don’t wait for update cycles. Ensure all devices in your fleet have the latest security patches, wherever they are located, with no user interaction required. Unlike traditional UEMs, Knox Suite provides granular control over the patching process, a critical feature for public safety agencies. Since patching apps during a shift could put officers at risk, Knox Suite also gives admins the ability to easily schedule each user’s updates for the most appropriate time.
Knox Suite streamlines audit and compliance reporting as well. It captures detailed audit event logs covering policy changes, device commands and user actions and retains them for at least 93 days. This can support CJIS requirements for security event monitoring and audit trails.
6. Make security seamless for every user
Officers on patrol and detectives running down leads need to focus on the task at hand, but security still needs to be a priority. Knox Suite makes this easy by centrally managing and enforcing user-friendly security capabilities around things like virtual private network (VPN) and multi-factor authentication (MFA) use.4
Knox policy controls per-app and always-on VPN with leading clients, helping agencies meet CJIS in transit encryption requirements (TLS 1.2+ with FIPS-approved ciphers) without relying on user intervention.
Knox-managed devices can enforce MFA policies for device and app access and integrate with your identity provider (IDP). This supports CJIS IA-2(1)/(2) (multi-factor authentication to privileged and non-privileged accounts) and IA-2(8) (replay-resistant authentication).
Knox Suite can easily integrate with enterprise identity providers for MFA. By federating Knox Manage with SAML- or OAuth-based IDPs, such as Okta or Azure AD, you can enforce agency-wide MFA policies (hardware tokens, SMS/OTP apps, biometric second factors) for any VPN or cloud-service connections that handle CJI, which can satisfy CJIS AAL2 requirements.
7. Stay on top of device health
To meet CJIS continuous monitoring and vulnerability management requirements, IT teams must be able to maintain real-time visibility into the security state and integrity of every device accessing their network. To meet this need, Knox Suite’s Knox Asset Intelligence provides a centralized view of the security health of the entire Samsung device fleet on a single, intuitive dashboard. This helps IT teams identify any outdated, vulnerable or non-compliant devices, track each device’s Android security patch level, and correlate CVEs/SVEs to device models for easier mitigation. In addition, teams can generate historical records of patch status, device integrity checks and vulnerability exposure to help meet CJIS audit requirements.
8. Use AI securely to improve outcomes
Fully 90% of law enforcement agencies use AI to support crime prevention and improve resource management, among other critical tasks.5 However, concerns about AI security can slow its use in some circumstances. Samsung addresses this by giving customers centralized control over Galaxy AI usage and supporting on-device AI processing for critical tasks, such as language translation.
Galaxy AI can be forced to run entirely on the device, so CJI never leaves the handset or traverses public networks.6 This aligns with CJIS mandates for protecting data in transit. Agencies can selectively block or allow individual Galaxy AI operations (e.g., call transcription, generative edit) to minimize attack surfaces and ensure only vetted AI capabilities can interact with CJI.
Additionally, Knox Vault provides hardware-isolated data protection. Apps can use keys protected by Knox Vault to encrypt sensitive AI-related data at rest. An always-on, chip-level “locked room,” called an enclave, satisfies CJIS requirements for hardware-rooted trust using FIPS 140-2 validated modules.
Administrators can use Knox Suite’s Knox Service Plugin to enforce “Allow process data only on device” and “Enable advanced restrictions” for both primary Device-wide and Work Profile, ensuring AI tasks never fall back to cloud processing.
Knox Service Plugin insights with Knox Asset Intelligence also capture detailed logs of AI-related policy changes and usage events. These audit trails can be retained and reviewed to comply with CJIS security event monitoring requirements.
Greater mobility empowers the force
Mobile devices can be force multipliers, enabling officers and commanders to stay connected to what matters most. Still, empowering officers with mobile devices requires a security mindset and a management framework that reduces the IT burden.
Learn more about Samsung’s purpose-built, CJIS-ready mobile solutions for public safety.
