STIGQter: STIG Summary: Samsung Android 11 with Knox 3.x Legacy Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 20 Nov 2020:

Samsung Android must be configured to not display the following (Work Environment) notifications when the device is locked: all notifications.

DISA Rule

SV-231021r608683_rule

Vulnerability Number

V-231021

Group Title

PP-MDF-301120

Rule Version

KNOX-11-002800

Severity

CAT II

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

Configure Samsung Android to not display (Work Environment) notifications when the device is locked.

This guidance is only applicable to the COPE use case.

On the management tool, in the Work Environment RCP section, set "Show detailed notifications" to "Disallow".

Check Contents

Review Samsung Android configuration settings to determine if Samsung Android displays (Work Environment) notifications on the lock screen. Notifications of incoming phone calls are acceptable even when the device is locked.

This validation procedure is performed on both the management tool Administration Console and the Samsung Android device.

This procedure is only applicable to the COPE use case.

On the management tool, in the Work Environment RCP section, verify that "Show detailed notifications" is set to "Disallow".

On the COPE Samsung Android device:
1. Open Settings >> Work profile >> Notification and data.
2. Verify that "Show notification content" is disabled.

If on the management tool "Show detailed notifications" is not set to "Disallow", or on the Samsung Android device "Show notification content" is not disabled, this is a finding.

NOTE: For the COBO use case, the API to implement this policy has been impacted by DA deprecation, and no KPE alternative policy is available. If the device is deployed in COBO mode, this requirement is not met and is a permanent finding.

Vulnerability Number

V-231021

Documentable

False

Rule Version

KNOX-11-002800

Severity Override Guidance

Review Samsung Android configuration settings to determine if Samsung Android displays (Work Environment) notifications on the lock screen. Notifications of incoming phone calls are acceptable even when the device is locked.

This validation procedure is performed on both the management tool Administration Console and the Samsung Android device.

This procedure is only applicable to the COPE use case.

On the management tool, in the Work Environment RCP section, verify that "Show detailed notifications" is set to "Disallow".

On the COPE Samsung Android device:
1. Open Settings >> Work profile >> Notification and data.
2. Verify that "Show notification content" is disabled.

If on the management tool "Show detailed notifications" is not set to "Disallow", or on the Samsung Android device "Show notification content" is not disabled, this is a finding.

NOTE: For the COBO use case, the API to implement this policy has been impacted by DA deprecation, and no KPE alternative policy is available. If the device is deployed in COBO mode, this requirement is not met and is a permanent finding.

Check Content Reference

M

Target Key

5248

Comments