STIGQter: STIG Summary: Samsung Android 11 with Knox 3.x AE Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 20 Nov 2020:

Samsung Android Work Environment must be configured to disable the autofill services.

DISA Rule

SV-231002r607691_rule

Vulnerability Number

V-231002

Group Title

PP-MDF-991000

Rule Version

KNOX-11-019700

Severity

CAT II

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

Configure the Samsung Android Work Environment to disable autofill services.

On the management tool, in the Work Environment restrictions section, set "Autofill services" to "Disallow".

Check Contents

Review Samsung Android Work Environment configuration settings to determine if autofill services are disabled.

This validation procedure is performed on both the management tool Administration Console and the Samsung Android device.

This policy cannot be enforced on a Legacy deployment and is a permanent finding.

On the management tool, in the Work Environment restrictions section, verify that "Autofill services" is set to "Disallow".

For COPE: On the Samsung Android device:
1. Open Settings >> Work profile >> More settings >> Keyboard and input >> Autofill service.
2. Verify that no Autofill services are listed.

For COBO: On the Samsung Android device:
1. Open Settings >> General management >> Language and input >> Autofill service.
2. Verify that no Autofill services are listed.

If on the management tool "Autofill services" is not set to "Disallow", or on the Samsung Android device autofill services are listed, this is a finding.

Vulnerability Number

V-231002

Documentable

False

Rule Version

KNOX-11-019700

Severity Override Guidance

Review Samsung Android Work Environment configuration settings to determine if autofill services are disabled.

This validation procedure is performed on both the management tool Administration Console and the Samsung Android device.

This policy cannot be enforced on a Legacy deployment and is a permanent finding.

On the management tool, in the Work Environment restrictions section, verify that "Autofill services" is set to "Disallow".

For COPE: On the Samsung Android device:
1. Open Settings >> Work profile >> More settings >> Keyboard and input >> Autofill service.
2. Verify that no Autofill services are listed.

For COBO: On the Samsung Android device:
1. Open Settings >> General management >> Language and input >> Autofill service.
2. Verify that no Autofill services are listed.

If on the management tool "Autofill services" is not set to "Disallow", or on the Samsung Android device autofill services are listed, this is a finding.

Check Content Reference

M

Target Key

5247

Comments