STIGQter STIGQter: STIG Summary: Samsung Android 11 with Knox 3.x Legacy Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 20 Nov 2020:

Samsung Android must be configured to enforce an application installation policy by specifying one or more authorized application repositories, including DoD-approved commercial app repository, management tool server, or mobile application store.

DISA Rule

SV-231017r608683_rule

Vulnerability Number

V-231017

Group Title

PP-MDF-301080

Rule Version

KNOX-11-001400

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure Samsung Android to disable unauthorized application repositories.

On the management tool, in the device restrictions section, set "installs from unknown sources" to "Disallow".

NOTE: Google Play must not be disabled. Disabling Google Play will cause system instability and critical updates will not be received.

Check Contents

Review Samsung Android configuration settings to determine if the mobile device has only approved application repositories (DoD-approved commercial app repository, management tool server, and/or mobile application store).

This validation procedure is performed on both the management tool Administration Console and the Samsung Android device.

On the management tool, in the device restrictions section, verify that "installs from unknown sources" is set to "Disallow".

On the Samsung Android device:
1. Open Settings >> Apps >> (Overflow menu) >> Special access >> Install unknown apps.
2. Tap (Overflow menu) >> Show system apps.
3. In the "Personal" tab, ensure that each app listed has the status "Disabled" under the app name or that no apps are listed.
4. In the "Work" tab, ensure that each app listed has the status "Disabled" under the app name or that no apps are listed.

If on the management tool "installs from unknown sources" is not set to "Disallow", or on the Samsung Android device an app is listed with a status other than "Disabled", this is a finding.

NOTE: Google Play must not be disabled. Disabling Google Play will cause system instability and critical updates will not be received.

Vulnerability Number

V-231017

Documentable

False

Rule Version

KNOX-11-001400

Severity Override Guidance

Review Samsung Android configuration settings to determine if the mobile device has only approved application repositories (DoD-approved commercial app repository, management tool server, and/or mobile application store).

This validation procedure is performed on both the management tool Administration Console and the Samsung Android device.

On the management tool, in the device restrictions section, verify that "installs from unknown sources" is set to "Disallow".

On the Samsung Android device:
1. Open Settings >> Apps >> (Overflow menu) >> Special access >> Install unknown apps.
2. Tap (Overflow menu) >> Show system apps.
3. In the "Personal" tab, ensure that each app listed has the status "Disabled" under the app name or that no apps are listed.
4. In the "Work" tab, ensure that each app listed has the status "Disabled" under the app name or that no apps are listed.

If on the management tool "installs from unknown sources" is not set to "Disallow", or on the Samsung Android device an app is listed with a status other than "Disabled", this is a finding.

NOTE: Google Play must not be disabled. Disabling Google Play will cause system instability and critical updates will not be received.

Check Content Reference

M

Target Key

5248

Comments