STIGQter: STIG Summary: Samsung Android OS 10 with Knox 3.x Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 20 Mar 2020:

Samsung Android must be configured to enable audit logging.

DISA Rule

SV-109073r1_rule

Vulnerability Number

V-99969

Group Title

PP-MDF-991000

Rule Version

KNOX-10-009500

Severity

CAT II

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

Configure Samsung Android to enable audit logging.

Do one of the following:
- Method #1: KPE Audit logging
- Method #2: AE Audit logging

****

Method #1: KPE Audit logging

On the management tool, in the device KPE audit log section, set "Audit log" to "Enable".

****

Method #2: AE Audit logging

On the management tool, do the following:
1. In the device restrictions section, set "Security logging" to "Enable".
2. In the device restrictions section, set "Network logging" to "Enable".

Check Contents

Review Samsung Android device configuration settings to confirm that Audit logging is enabled.

Confirm if Method #1 or #2 is used at the Samsung device site and follow the appropriate procedure.

This validation procedure is performed on the management tool Administration Console only.

****

Method #1: KPE Audit logging

On the management tool, for the device KPE audit log section, verify that "Audit log" is set to "Enable".

If on the management tool the "Audit log" is not set to "Enable", this is a finding.

****

Method #2: AE Audit logging

On the management tool, do the following:
1. In the device restrictions section, verify that "Security logging" is set to "Enable".
2. In the device restrictions section, verify that "Network logging" is set to "Enable".

If on the management tool both "Security logging" and "Network logging are not set to "Enable", this is a finding.

Vulnerability Number

V-99969

Documentable

False

Rule Version

KNOX-10-009500

Severity Override Guidance

Review Samsung Android device configuration settings to confirm that Audit logging is enabled.

Confirm if Method #1 or #2 is used at the Samsung device site and follow the appropriate procedure.

This validation procedure is performed on the management tool Administration Console only.

****

Method #1: KPE Audit logging

On the management tool, for the device KPE audit log section, verify that "Audit log" is set to "Enable".

If on the management tool the "Audit log" is not set to "Enable", this is a finding.

****

Method #2: AE Audit logging

On the management tool, do the following:
1. In the device restrictions section, verify that "Security logging" is set to "Enable".
2. In the device restrictions section, verify that "Network logging" is set to "Enable".

If on the management tool both "Security logging" and "Network logging are not set to "Enable", this is a finding.

Check Content Reference

M

Target Key

3613

Comments