STIGQter STIGQter: STIG Summary: Samsung Android OS 9 with Knox 3.x COPE Use Case KPE(AE) Deployment Security Technical Implementation Guide Version: 1 Release: 3 Benchmark Date: 24 Apr 2020:

Samsung Android Workspace must be configured to disable automatic completion of Samsung Internet browser text input.

DISA Rule

SV-103875r1_rule

Vulnerability Number

V-93789

Group Title

PP-MDF-991000

Rule Version

KNOX-09-000590

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure Samsung Android Workspace to disable automatic completion of Samsung Internet app text input.

On the MDM console, for the Workspace, in the "Knox restrictions" group, unselect "allow autofill".

Check Contents

Review the Samsung Android Workspace configuration settings to confirm that automatic completion of Samsung Internet app text input is disabled.

This procedure is performed on both the MDM Administration console and the Samsung Android device.

On the MDM console, for the Workspace, in the "Knox restrictions" group, verify that "allow autofill" is not selected.

On the Samsung Android device, do the following:
1. From the "Workspace" App screen, launch the "Samsung Internet" app.
2. From the collapsed menu icon (three horizontal bars) on the toolbar, tap "Settings".
3. Tap "Privacy and security".
4. Verify that "Autofill forms" is disabled and cannot be enabled.

If on the MDM console "allow autofill" is selected, or if on the Samsung Android device "Autofill forms" can be enabled by the user, this is a finding.

Vulnerability Number

V-93789

Documentable

False

Rule Version

KNOX-09-000590

Severity Override Guidance

Review the Samsung Android Workspace configuration settings to confirm that automatic completion of Samsung Internet app text input is disabled.

This procedure is performed on both the MDM Administration console and the Samsung Android device.

On the MDM console, for the Workspace, in the "Knox restrictions" group, verify that "allow autofill" is not selected.

On the Samsung Android device, do the following:
1. From the "Workspace" App screen, launch the "Samsung Internet" app.
2. From the collapsed menu icon (three horizontal bars) on the toolbar, tap "Settings".
3. Tap "Privacy and security".
4. Verify that "Autofill forms" is disabled and cannot be enabled.

If on the MDM console "allow autofill" is selected, or if on the Samsung Android device "Autofill forms" can be enabled by the user, this is a finding.

Check Content Reference

M

Target Key

3507

Comments