STIGQter: STIG Summary: Samsung Android 11 with Knox 3.x Legacy Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 20 Nov 2020:

Samsung Android Work Environment must be configured to disable exceptions to the access control policy that prevents application processes, groups of application processes from accessing all, private data stored by other application processes, groups of application processes. - Disable Copy and Paste data

DISA Rule

SV-231033r608683_rule

Vulnerability Number

V-231033

Group Title

PP-MDF-301260

Rule Version

KNOX-11-009200

Severity

CAT II

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.
• CCI-002191 - The organization defines the information flow control policies to be enforced by the information system using protected processing domains.

Weight

10

Fix Recommendation

Configure Samsung Android Work Environment to enable the access control policy that prevents groups of application processes from accessing all data stored by other groups of application processes.

This guidance is for disabling the sharing of clipboard data from the Work Environment to the Personal Environment and is applicable to COPE only.

On the management tool, in the Work Environment RCP section, set "Sharing clipboard to personal" to "Disallow".

Check Contents

Review Samsung Android Work Environment configuration settings to determine if the access control policy prevents groups of application processes from accessing all data stored by other groups of application processes.

This procedure is for verifying that the sharing of clipboard data from the Work Environment to the Personal Environment is disabled and is applicable to COPE only.

This validation procedure is performed on both the management tool Administration Console and the Samsung Android device.

On the management tool, in the Work Environment RCP section, verify that "Sharing clipboard to personal" is set to "Disallow".

On the Samsung Android device:
1. Using any Work Environment app, copy text to the clipboard.
2. Using any Personal Environment app, verify that the clipboard text cannot be pasted.

If on the management tool the "Sharing clipboard to personal" is not set to "Disallow", or on the Samsung Android device the clipboard text can be pasted into a Personal Environment app, this is a finding.

Vulnerability Number

V-231033

Documentable

False

Rule Version

KNOX-11-009200

Severity Override Guidance

Review Samsung Android Work Environment configuration settings to determine if the access control policy prevents groups of application processes from accessing all data stored by other groups of application processes.

This procedure is for verifying that the sharing of clipboard data from the Work Environment to the Personal Environment is disabled and is applicable to COPE only.

This validation procedure is performed on both the management tool Administration Console and the Samsung Android device.

On the management tool, in the Work Environment RCP section, verify that "Sharing clipboard to personal" is set to "Disallow".

On the Samsung Android device:
1. Using any Work Environment app, copy text to the clipboard.
2. Using any Personal Environment app, verify that the clipboard text cannot be pasted.

If on the management tool the "Sharing clipboard to personal" is not set to "Disallow", or on the Samsung Android device the clipboard text can be pasted into a Personal Environment app, this is a finding.

Check Content Reference

M

Target Key

5248

Comments