STIGQter STIGQter: STIG Summary: Samsung Android 11 with Knox 3.x Legacy Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 20 Nov 2020:

Samsung Android must be configured to disallow outgoing beam.

DISA Rule

SV-231047r608683_rule

Vulnerability Number

V-231047

Group Title

PP-MDF-991000

Rule Version

KNOX-11-021800

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure Samsung Android to disallow outgoing beam.

This requirement is inherently met for COPE as outgoing beam in a "Profile/Workspace" cannot be initiated.

This guidance is applicable to COBO only.

On the MDM console, in the Work Environment restrictions section, set "outgoing beam" to "disallow".

Check Contents

Review Samsung Android Work Environment configuration settings to verify that outgoing beam is disallowed.

This requirement is inherently met for COPE as outgoing beam in a "Profile/Workspace" cannot be initiated.

This validation procedure is applicable to COBO only.

This procedure is performed on both the MDM Administration console and the Samsung Android device.

On the MDM console, in the Work Environment restrictions section, verify that "disallow outgoing beam" is selected.

On the Samsung Android device, open a picture, contact, or web page and put it back to back with an unlocked outgoing beam-enabled device. Verify that outgoing beam cannot be started.

If on the MDM console "outgoing beam" is not set to "disallow", or on the Samsung Android device the user is able to successfully start outgoing beam, this is a finding.

Vulnerability Number

V-231047

Documentable

False

Rule Version

KNOX-11-021800

Severity Override Guidance

Review Samsung Android Work Environment configuration settings to verify that outgoing beam is disallowed.

This requirement is inherently met for COPE as outgoing beam in a "Profile/Workspace" cannot be initiated.

This validation procedure is applicable to COBO only.

This procedure is performed on both the MDM Administration console and the Samsung Android device.

On the MDM console, in the Work Environment restrictions section, verify that "disallow outgoing beam" is selected.

On the Samsung Android device, open a picture, contact, or web page and put it back to back with an unlocked outgoing beam-enabled device. Verify that outgoing beam cannot be started.

If on the MDM console "outgoing beam" is not set to "disallow", or on the Samsung Android device the user is able to successfully start outgoing beam, this is a finding.

Check Content Reference

M

Target Key

5248

Comments