STIGQter: STIG Summary: Samsung Android OS 10 with Knox 3.x Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 20 Mar 2020: STIGQter: STIG Summary: Samsung Android OS 10 with Knox 3.x Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 20 Mar 2020:SV-109029r1_rule
V-99925
PP-MDF-301090
KNOX-10-001000
CAT II
10
Configure Samsung Android Work Environment to use an application whitelist.
The application whitelist does not control user access to/execution of all core and preinstalled applications, and guidance for doing so is covered in KNOX-10-009300.
Do one of the following:
- Method #1: Use managed Google Play [not available for KPE(Legacy) deployments].
- Method #2: Use KPE app installation whitelisting.
****
Method #1: Use managed Google Play [not available for KPE(Legacy) deployments].
On the management tool, in the Work Environment app catalog for managed Google Play, add each AO-approved app to be available.
****
Method #2: Use KPE app installation whitelisting.
On the management tool, in the Work Environment KPE restrictions section, add each AO-approved app to the "app installation whitelist".
Note: Refer to the management tool documentation to determine the following:
- If an application installation blacklist is also required to be configured when enforcing an "app installation whitelist"; and
- If the management tool supports adding apps to the "app installation whitelist" by package name and/or digital signature or supports a combination of the two.
Review the Samsung Android Work Environment configuration setting to determine if the mobile device has an application whitelist configured. Verify that all applications listed on the whitelist have been approved by the Approving Official (AO).
This validation procedure is performed only on the management tool Administration Console.
Confirm if Method #1 or #2 is used at the Samsung device site and follow the appropriate procedure.
****
Method #1: Use managed Google Play [not available for KPE(Legacy) deployments].
On the management tool, in the Work Environment app catalog for managed Google Play, verify that only AO-approved apps are available.
If on the management tool the Work Environment app catalog for managed Google Play includes non-AO-approved apps, this is a finding.
****
Method #2: Use KPE app installation whitelisting.
On the management tool, in the Work Environment KPE restrictions section, verify that only AO-approved apps are listed in the "app installation whitelist".
If on the management tool the Work Environment "app installation whitelist" contains non-AO-approved apps, this is a finding.
V-99925
False
KNOX-10-001000
Review the Samsung Android Work Environment configuration setting to determine if the mobile device has an application whitelist configured. Verify that all applications listed on the whitelist have been approved by the Approving Official (AO).
This validation procedure is performed only on the management tool Administration Console.
Confirm if Method #1 or #2 is used at the Samsung device site and follow the appropriate procedure.
****
Method #1: Use managed Google Play [not available for KPE(Legacy) deployments].
On the management tool, in the Work Environment app catalog for managed Google Play, verify that only AO-approved apps are available.
If on the management tool the Work Environment app catalog for managed Google Play includes non-AO-approved apps, this is a finding.
****
Method #2: Use KPE app installation whitelisting.
On the management tool, in the Work Environment KPE restrictions section, verify that only AO-approved apps are listed in the "app installation whitelist".
If on the management tool the Work Environment "app installation whitelist" contains non-AO-approved apps, this is a finding.
M
3613