STIGQter: STIG Summary: Samsung Android OS 9 with Knox 3.x COBO Use Case KPE(Legacy) Deployment Security Technical Implementation Guide, Version: 1, Release: 4, Benchmark Date: 24 Jul 2020

Samsung Android must be configured to not allow backup of [all applications, configuration data] to remote systems.

DISA Rule

SV-103701r1_rule

Vulnerability Number

V-93615

Group Title

PP-MDF-301230

Rule Version

KNOX-09-000865

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure the Samsung Android to disable backup to remote systems (including commercial clouds).

On the MDM console, for the device, do the following:
1. In the "Knox restrictions" group, unselect "allow google backup".
2. In the "Knox restrictions" group, unselect "allow google accounts auto sync".
3. In the "Knox application" group, add all preinstalled public cloud backup system apps to the system application disable list if not already configured.

Note: The guidance for disablement of system apps that have the characteristic "back up MD data to non-DoD cloud servers (including user and application access to cloud backup services)" is covered by KNOX-09-000105.

Check Contents

Review device configuration settings to confirm that backup to a remote system has been disabled.

This procedure is performed on the MDM Administration console and the Samsung device.

On the MDM console, for the device, do the following:
1. In the "Knox restrictions" group, verify that "allow google backup" is not selected.
2. In the "Knox restrictions" group, verify that "allow google accounts auto sync" is not selected.
3. In the "Knox application" group, verify that the system application disable list contains all preinstalled cloud backup system apps.

On the Samsung Android device:
1. Open Settings.
2. Tap "Accounts and backup".
3. Tap "Backup and restore".
4. Verify that "Backup my data" is disabled and cannot be enabled.
5. Tap back and tap "Accounts".
6. Tap a listed Google account.
7. Tap "Sync account" and verify that all sync options are disabled and cannot be enabled.
8. Review the apps on the "Personal" App screen and confirm that none of the cloud backup system apps are present.

If on the MDM console "allow google backup" is selected or "allow google accounts auto sync" is selected, or on the Samsung Android device "Backup my data" can be enabled, "sync options" are enabled for a Google Account, or a "cloud backup" system app is present on the "Personal" App screen, this is a finding.

Documentable

False

Severity Override Guidance

Check Content Reference

M

Target Key

3497
