STIGQter: STIG Summary: Samsung Android OS 9 with Knox 3.x COPE Use Case KPE(AE) Deployment Security Technical Implementation Guide Version: 1 Release: 3 Benchmark Date: 24 Apr 2020:

Samsung Android must be configured to disable developer modes.

DISA Rule

SV-103895r1_rule

Vulnerability Number

V-93809

Group Title

PP-MDF-301170

Rule Version

KNOX-09-000920

Severity

CAT II

CCI(s)

CCI-000381 - The organization configures the information system to provide only essential capabilities.

Weight

Fix Recommendation

Configure Samsung Android to disallow debugging features.

On the MDM console, for the device, in the "Android user restrictions" group, select "disallow debugging features".

Check Contents

Review device configuration settings to confirm that debugging features are disallowed.

This procedure is performed on both the MDM Administration console and the Samsung Android device.

On the MDM console, for the device, in the "Android user restrictions" group, verify that "disallow debugging features" is selected.

On the Samsung Android device, do the following:
1. Open Settings.
2. Tap "About phone".
3. Tap "Software information".
4. Tap "Build number".
5. Verify that the message "Unable to perform action" is displayed.

If on the MDM console "disallow debugging features" is not selected, or on the Samsung Android device the "Unable to perform action" message is not displayed, this is a finding.

Vulnerability Number

V-93809

Documentable

False

Rule Version

KNOX-09-000920

Severity Override Guidance

Check Content Reference

Target Key

3507

Samsung Android must be configured to disable developer modes.

DISA Rule

Vulnerability Number

Group Title

Rule Version

Severity

CCI(s)

Weight

Fix Recommendation

Check Contents

Vulnerability Number

Documentable

Rule Version

Severity Override Guidance

Check Content Reference

Target Key

Comments