STIGQter: STIG Summary: Samsung Android 11 with Knox 3.x Legacy Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 20 Nov 2020:

Samsung Android Work Environment must allow only the Administrator (management tool) to perform the following management function: install/remove DoD root and intermediate PKI certificates.

DISA Rule

SV-231051r608683_rule

Vulnerability Number

V-231051

Group Title

PP-MDF-992000

Rule Version

KNOX-11-023200

Severity

CAT II

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.
• CCI-000370 - The organization employs automated mechanisms to centrally manage configuration settings for organization-defined information system components.

Weight

10

Fix Recommendation

Configure Samsung Android Work Environment to prevent a user from removing DoD root and intermediate PKI certificates.

On the management tool, in the Work Environment restrictions section, set "User Remove Certificates" to "Disallow".

Check Contents

Review Samsung Android Work Environment configuration settings to determine if the user is unable to remove DoD root and intermediate PKI certificates.

This validation procedure is performed on both the management tool Administration Console and the Samsung Android device.

On the management tool, in the Work Environment restrictions section, verify "User Remove Certificates" is set to "Disallow".

On the Samsung Android device:
1. Open Settings >> Biometrics and security >> Other security settings >> View security certificates.
2. In the System tab, verify that no listed certificate in the Work Environment can be untrusted.
3. In the User tab, verify that no listed certificate in the Work Environment can be removed.

If on the management tool the device "User Remove Certificates" is not set to "Disallow", or on the Samsung Android device a certificate can be untrusted or removed, this is a finding.

Vulnerability Number

V-231051

Documentable

False

Rule Version

KNOX-11-023200

Severity Override Guidance

Review Samsung Android Work Environment configuration settings to determine if the user is unable to remove DoD root and intermediate PKI certificates.

This validation procedure is performed on both the management tool Administration Console and the Samsung Android device.

On the management tool, in the Work Environment restrictions section, verify "User Remove Certificates" is set to "Disallow".

On the Samsung Android device:
1. Open Settings >> Biometrics and security >> Other security settings >> View security certificates.
2. In the System tab, verify that no listed certificate in the Work Environment can be untrusted.
3. In the User tab, verify that no listed certificate in the Work Environment can be removed.

If on the management tool the device "User Remove Certificates" is not set to "Disallow", or on the Samsung Android device a certificate can be untrusted or removed, this is a finding.

Check Content Reference

M

Target Key

5248

Comments