STIGQter: STIG Summary: Samsung Android (with Knox 2.x) STIG, Version: 1, Release: 4, Benchmark Date: 22 Apr 2016

The Samsung Knox for Android platform must be configured to enforce an application installation policy by specifying one or more authorized application repositories: enroll in MDM.

DISA Rule

SV-70307r1_rule

Vulnerability Number

V-56053

Group Title

PP-MDF-001004

Rule Version

KNOX-35-009020

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Enroll the device in MDM.

Implement MDM to centrally manage configuration settings.

Check Contents

Note: This validation procedure is identical to the one for KNOX-35-020900. It only needs to be performed once. If it is found compliant on the first check, it is also compliant here. If it is determined to be a finding on first check, it is also a finding here. Redundant checks are necessary to maintain requirements traceability and provide complete risk management information to AOs.

Configuring an application installation policy on Samsung Knox for Android by specifying an application repository involves three steps: (1) Disabling Google Play, (2) Disabling unknown application sources, and (3) Enrolling in MDM (which designates the repository). This validation procedure covers the last of these steps. It is performed on the Samsung Knox for Android device only.

On the Samsung Knox for Android device:
1. Open the application list and verify the presence of an MDM agent.
2. Open the MDM agent and verify that the MDM agent has been enrolled.
Note: Verification on the MDM agent is MDM vendor specific.

If the MDM agent is not present on the Samsung Knox for Android device, or if the MDM agent has not been enrolled, this is a finding.

Documentable

False

Check Content Reference

M

Target Key

2699
