STIGQter STIGQter: STIG Summary: Samsung Android OS 9 with Knox 3.x COPE Use Case KPE(AE) Deployment Security Technical Implementation Guide Version: 1 Release: 2 Benchmark Date: 25 Oct 2019: Samsung Android must be configured to disable all Bluetooth profiles except HSP (Headset Profile), HFP (HandsFree Profile), and SPP (Serial Port Profile).

DISA Rule

SV-103879r1_rule

Vulnerability Number

V-93793

Group Title

PP-MDF-301110

Rule Version

KNOX-09-000660

Severity

CAT III

CCI(s)

Weight

10

Fix Recommendation

Configure Samsung Android to disable all Bluetooth profiles except HSP, HFP, and SPP.

On the MDM console, for the device, in the "Knox Bluetooth" group, select "HFP, HSP, and SPP" in the "allowed profiles".

Check Contents

Review device configuration settings to confirm that all Bluetooth profiles are disabled except HSP, HFP, and SPP.

This procedure is performed on both the MDM Administration console and the Samsung Android device.

On the MDM console, for the device, in the "Knox Bluetooth" group, verify that only "HFP, HSP, and SPP" are selected in the "allowed profiles".

On the Samsung Android device, verify that a Bluetooth peripheral that uses a profile other than HSP, HFP, or SPP (e.g., a Bluetooth keyboard) cannot be paired.

If on the MDM console "allowed profiles" has any selection other than "HSP, HFP, and SPP", or the Samsung Android device is able to pair with a Bluetooth keyboard, this is a finding.

Note: Disabling the Bluetooth radio will satisfy this requirement.

Vulnerability Number

V-93793

Documentable

False

Rule Version

KNOX-09-000660

Severity Override Guidance

Review device configuration settings to confirm that all Bluetooth profiles are disabled except HSP, HFP, and SPP.

This procedure is performed on both the MDM Administration console and the Samsung Android device.

On the MDM console, for the device, in the "Knox Bluetooth" group, verify that only "HFP, HSP, and SPP" are selected in the "allowed profiles".

On the Samsung Android device, verify that a Bluetooth peripheral that uses a profile other than HSP, HFP, or SPP (e.g., a Bluetooth keyboard) cannot be paired.

If on the MDM console "allowed profiles" has any selection other than "HSP, HFP, and SPP", or the Samsung Android device is able to pair with a Bluetooth keyboard, this is a finding.

Note: Disabling the Bluetooth radio will satisfy this requirement.

Check Content Reference

M

Target Key

3507

Comments