STIGQter STIGQter: STIG Summary: Samsung Android 11 with Knox 3.x Legacy Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 20 Nov 2020:

Samsung Android Work Environment must be configured to disable exceptions to the access control policy that prevents application processes, groups of application processes from accessing all, private data stored by other application processes, groups of application processes. - Disable Sync Calendar to personal

DISA Rule

SV-231034r608683_rule

Vulnerability Number

V-231034

Group Title

PP-MDF-301260

Rule Version

KNOX-11-009400

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure Samsung Android Work Environment to enable the access control policy that prevents groups of application processes from accessing all data stored by other groups of application processes.

This guidance is for disallowing Calendar events created in the Work Environment from being displayed in the Personal Environment Calendar and is applicable to COPE only.

On the management tool, in the Work Environment RCP section, set "Sync calendar to personal" to "Disallow".

Check Contents

Review Samsung Android Work Environment configuration settings to determine if the access control policy prevents groups of application processes from accessing all data stored by other groups of application processes.

This procedure is for verifying that Calendar events created in the Work Environment are disallowed from being displayed in the Personal Environment Calendar and is applicable to COPE only.

This procedure is performed on the management tool Administration console only.

On the management tool, in the Work Environment RCP section, verify that "Sync calendar to personal" is set to "Disallow".

On the COPE Samsung Android device:
1. Open Settings >> Work profile >> Notifications and data.
2. Verify that "Export to personal calendar" is disabled and cannot be enabled.

If on the management tool the "Sync calendar to personal" is not set to "Disallow", or on the Samsung Android device "Export to personal calendar" is enabled or can be enabled, this is a finding.

Vulnerability Number

V-231034

Documentable

False

Rule Version

KNOX-11-009400

Severity Override Guidance

Review Samsung Android Work Environment configuration settings to determine if the access control policy prevents groups of application processes from accessing all data stored by other groups of application processes.

This procedure is for verifying that Calendar events created in the Work Environment are disallowed from being displayed in the Personal Environment Calendar and is applicable to COPE only.

This procedure is performed on the management tool Administration console only.

On the management tool, in the Work Environment RCP section, verify that "Sync calendar to personal" is set to "Disallow".

On the COPE Samsung Android device:
1. Open Settings >> Work profile >> Notifications and data.
2. Verify that "Export to personal calendar" is disabled and cannot be enabled.

If on the management tool the "Sync calendar to personal" is not set to "Disallow", or on the Samsung Android device "Export to personal calendar" is enabled or can be enabled, this is a finding.

Check Content Reference

M

Target Key

5248

Comments