STIGQter STIGQter: STIG Summary: Samsung Android 11 with Knox 3.x Legacy Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 20 Nov 2020:

Samsung Android Work Environment must be configured to enforce the system application disable list.

DISA Rule

SV-231039r608683_rule

Vulnerability Number

V-231039

Group Title

PP-MDF-991000

Rule Version

KNOX-11-018000

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure Samsung Android Work Environment to enforce the system application disable list.

On the management tool, in the Work Environment application section, add all non-AO-approved system app packages to the "system app disable list".

Check Contents

Review Samsung Android Work Environment configuration settings to determine if the system application disable list is enforced.

This validation procedure is performed on both the management tool Administration Console and the Samsung Android device.

On the management tool, in the Work Environment application section, verify that the "system app disable list" contains all apps that have not been approved for DoD use by the Authorizing Official (AO).

On the Samsung Android device, review the Work Environment apps and confirm that only apps that have been approved for DoD use by the Authorizing Official (AO) are listed.

If on the management tool the "system app disable list" contains non-approved core and preinstalled apps, or on the Samsung Android device non-approved apps are listed, this is a finding.

Vulnerability Number

V-231039

Documentable

False

Rule Version

KNOX-11-018000

Severity Override Guidance

Review Samsung Android Work Environment configuration settings to determine if the system application disable list is enforced.

This validation procedure is performed on both the management tool Administration Console and the Samsung Android device.

On the management tool, in the Work Environment application section, verify that the "system app disable list" contains all apps that have not been approved for DoD use by the Authorizing Official (AO).

On the Samsung Android device, review the Work Environment apps and confirm that only apps that have been approved for DoD use by the Authorizing Official (AO) are listed.

If on the management tool the "system app disable list" contains non-approved core and preinstalled apps, or on the Samsung Android device non-approved apps are listed, this is a finding.

Check Content Reference

M

Target Key

5248

Comments