STIGQter: STIG Summary: Samsung Android OS 9 with Knox 3.x COPE Use Case KPE(AE) Deployment Security Technical Implementation Guide, Version: 1, Release: 3, Benchmark Date: 24 Apr 2020

The Samsung Android Workspace must be configured to prevent users from adding personal email accounts to the work email app.

DISA Rule

SV-103833r1_rule

Vulnerability Number

V-93747

Group Title

PP-MDF-991000

Rule Version

KNOX-09-000020

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure Samsung Android Workspace to prevent users from adding personal email accounts to the work email app.

On the MDM console, for the Workspace, do the following:
1. In the "Android account" group, configure "account management" to "disable for the work email app".
2. Provision the user's email account for the work email app.

Refer to the MDM documentation to determine how to provision users' work email accounts for the work email app.

Check Contents

Review the Samsung Android Workspace configuration settings to confirm that users are prevented from adding personal email accounts to the work email app.

This procedure is performed on both the MDM Administration console and the Samsung Android device.

On the MDM console, for the Workspace, do the following:
1. In the "Android account" group, verify that "account management" is configured to "disable for the work email app".
2. Provision the user's email account for the work email app.

On the Samsung Android device, do the following:
1. Open Settings.
2. Tap "Workspace".
3. Tap "Accounts".
4. Tap "Add account".
5. Verify that an account for the work email app cannot be added.

If on the MDM console "account management" is not disabled for the work email app, or on the Samsung Android device the user can add an account for the work email app, this is a finding.

Documentable

False

Severity Override Guidance

Check Content Reference

M

Target Key

3507

Comments