STIGQter: STIG Summary: Samsung Android OS 10 with Knox 3.x Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 20 Mar 2020:

Samsung Android Work Environment must be configured to disable exceptions to the access control policy that prevents application processes, groups of application processes from accessing all, private data stored by other application processes, groups of application processes. - Disable Sync Calendar to personal

DISA Rule

SV-109061r1_rule

Vulnerability Number

V-99957

Group Title

PP-MDF-301260

Rule Version

KNOX-10-004800

Severity

CAT II

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.
• CCI-002191 - The organization defines the information flow control policies to be enforced by the information system using protected processing domains.

Weight

10

Fix Recommendation

Configure Samsung Android Work Environment to enable the access control policy that prevents groups of application processes from accessing all data stored by other groups of application processes.

This guidance is for disallowing Calendar events created in the Work Environment from being displayed in the Personal Environment Calendar and is applicable to COPE only.

On the management tool, in the Work Environment KPE RCP section, set "Sync calendar to personal" to "Disallow".

Check Contents

Review Samsung Android Work Environment configuration settings to determine if the access control policy prevents groups of application processes from accessing all data stored by other groups of application processes.

This procedure is for verifying that Calendar events created in the Work Environment are disallowed from being displayed in the Personal Environment Calendar and is applicable to COPE only.

This procedure is performed on the management tool Administration console only.

On the management tool, in the Work Environment KPE RCP section, verify that "Sync calendar to personal" is set to "Disallow".

On the Samsung Android device, do the following:
1. Open Settings >> Work profile >> Notifications and data.
2. Verify that "Export to personal calendar" is disabled and cannot be enabled.

If on the management tool the "Sync calendar to personal" is not set to "Disallow", or on the Samsung Android device "Export to personal calendar" is enabled or can be enabled, this is a finding.

Vulnerability Number

V-99957

Documentable

False

Rule Version

KNOX-10-004800

Severity Override Guidance

Review Samsung Android Work Environment configuration settings to determine if the access control policy prevents groups of application processes from accessing all data stored by other groups of application processes.

This procedure is for verifying that Calendar events created in the Work Environment are disallowed from being displayed in the Personal Environment Calendar and is applicable to COPE only.

This procedure is performed on the management tool Administration console only.

On the management tool, in the Work Environment KPE RCP section, verify that "Sync calendar to personal" is set to "Disallow".

On the Samsung Android device, do the following:
1. Open Settings >> Work profile >> Notifications and data.
2. Verify that "Export to personal calendar" is disabled and cannot be enabled.

If on the management tool the "Sync calendar to personal" is not set to "Disallow", or on the Samsung Android device "Export to personal calendar" is enabled or can be enabled, this is a finding.

Check Content Reference

M

Target Key

3613

Comments