STIGQter: STIG Summary: Samsung Android OS 10 with Knox 3.x Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 20 Mar 2020:

Samsung Android must be configured to enforce an application installation policy by specifying one or more authorized application repositories, including DoD-approved commercial app repository, management tool server, or mobile application store.

DISA Rule

SV-109027r1_rule

Vulnerability Number

V-99923

Group Title

PP-MDF-301080

Rule Version

KNOX-10-000800

Severity

CAT II

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.
• CCI-001806 - The organization defines methods to be employed to enforce the software installation policies.

Weight

10

Fix Recommendation

Configure Samsung Android to disable unauthorized application repositories.

On the management tool, in the device restrictions section, set "installs from unknown sources" to "Disallow".

Note: Google Play must not be disabled. Disabling Google Play will cause system instability and critical updates will not be received.

Check Contents

Review Samsung Android configuration settings to determine if the mobile device has only approved application repositories (DoD-approved commercial app repository, management tool server, and/or mobile application store).

This validation procedure is performed on both the management tool Administration Console and the Samsung Android device.

On the management tool, in the device restrictions section, verify that "installs from unknown sources" is set to "Disallow".

On the Samsung Android device, do the following:
1. Open Settings >> Apps >> (Overflow menu) >> Special access >> Install unknown apps.
2. Tap (Overflow menu) >> Show system apps.
3. Ensure that each app listed has the status "Disabled" under the app name or that no apps are listed.

If on the management tool "installs from unknown sources" is not set to "Disallow", or on the Samsung Android device an app is listed with a status other than "Disabled", this is a finding.

Note: Google Play must not be disabled. Disabling Google play will cause system instability and critical updates will not be received.

Vulnerability Number

V-99923

Documentable

False

Rule Version

KNOX-10-000800

Severity Override Guidance

Review Samsung Android configuration settings to determine if the mobile device has only approved application repositories (DoD-approved commercial app repository, management tool server, and/or mobile application store).

This validation procedure is performed on both the management tool Administration Console and the Samsung Android device.

On the management tool, in the device restrictions section, verify that "installs from unknown sources" is set to "Disallow".

On the Samsung Android device, do the following:
1. Open Settings >> Apps >> (Overflow menu) >> Special access >> Install unknown apps.
2. Tap (Overflow menu) >> Show system apps.
3. Ensure that each app listed has the status "Disabled" under the app name or that no apps are listed.

If on the management tool "installs from unknown sources" is not set to "Disallow", or on the Samsung Android device an app is listed with a status other than "Disabled", this is a finding.

Note: Google Play must not be disabled. Disabling Google play will cause system instability and critical updates will not be received.

Check Content Reference

M

Target Key

3613

Comments