STIGQter: STIG Summary: Samsung Android OS 9 with Knox 3.x COPE Use Case KPE(AE) Deployment Security Technical Implementation Guide Version: 1 Release: 3 Benchmark Date: 24 Apr 2020: STIGQter: STIG Summary: Samsung Android OS 9 with Knox 3.x COPE Use Case KPE(AE) Deployment Security Technical Implementation Guide Version: 1 Release: 3 Benchmark Date: 24 Apr 2020:SV-103899r1_rule
V-93813
PP-MDF-301140
KNOX-09-000980
CAT I
10
Configure Samsung Android to disallow mount of physical storage media or enable Knox external storage encryption.
If the mobile device does not support removable media, this guidance is not applicable.
Do one of the following:
- Method #1: Disallow mounting of physical storage media.
- Method #2: Enable external storage encryption.
****
Method #1: On the MDM console, for the device, in the "Android user restrictions" group, select "disallow mount physical media".
****
Method #2: On the MDM console, for the device, in the "Knox encryption" group, select "enable external storage encryption".
Review device configuration settings to confirm that mounting of physical storage media is disallowed or Knox external storage encryption is enabled.
If the mobile device does not support removable media, this procedure is not applicable and is not a finding.
This procedure is performed on both the MDM Administration console and the Samsung Android device.
Confirm if Method #1 or Method #2 is used at the Samsung device site and follow the appropriate procedure.
****
Method #1: On the MDM console, for the device, in the "Android user restrictions" group, verify that "disallow mount physical media" is selected.
On the Samsung Android device, verify that a MicroSD card cannot be mounted.
If on the MDM console "disallow mount physical media" is not selected, or a MicroSD card can be mounted by the Samsung Android device, this is a finding.
****
Method #2: On the MDM console, for the device, in the "Knox encryption" group, verify that "enable external storage encryption" is selected.
On the Samsung Android device, verify that a MicroSD card must be encrypted before use.
If on the MDM console "enable external storage encryption" is not selected, or a MicroSD card can be used on the Samsung Android device without first being encrypted, this is a finding.
V-93813
False
KNOX-09-000980
Review device configuration settings to confirm that mounting of physical storage media is disallowed or Knox external storage encryption is enabled.
If the mobile device does not support removable media, this procedure is not applicable and is not a finding.
This procedure is performed on both the MDM Administration console and the Samsung Android device.
Confirm if Method #1 or Method #2 is used at the Samsung device site and follow the appropriate procedure.
****
Method #1: On the MDM console, for the device, in the "Android user restrictions" group, verify that "disallow mount physical media" is selected.
On the Samsung Android device, verify that a MicroSD card cannot be mounted.
If on the MDM console "disallow mount physical media" is not selected, or a MicroSD card can be mounted by the Samsung Android device, this is a finding.
****
Method #2: On the MDM console, for the device, in the "Knox encryption" group, verify that "enable external storage encryption" is selected.
On the Samsung Android device, verify that a MicroSD card must be encrypted before use.
If on the MDM console "enable external storage encryption" is not selected, or a MicroSD card can be used on the Samsung Android device without first being encrypted, this is a finding.
M
3507