STIGQter: STIG Summary: Samsung Android (with Knox 2.x) STIG Version: 1 Release: 4 Benchmark Date: 22 Apr 2016

The Samsung Knox for Android platform must be configured to require the user to manifest consent to the terms of the DoD-specified warning banner each time the user unlocks the device.

DISA Rule

SV-70369r1_rule

Vulnerability Number

V-56115

Group Title

PP-MDF-001011

Rule Version

KNOX-36-009700

Severity

CAT III

CCI(s)

Weight

10

Fix Recommendation

Configure the mobile device to display the appropriate warning banner text.

On the MDM Administration Console, select the "Enable DoD Banner" check box, and enter the correct text in the "Banner Text" field in the "Android Restrictions" rule.

(**) On some MDM vendor consoles, the logon banner is automatically displayed upon reboot while the device is MDM enrolled. On these consoles, this control is not configurable through the MDM server or on the device.

Check Contents

This validation procedure is performed on both the MDM Administration Console and the Samsung Knox for Android device.

Check whether the appropriate setting is configured on the MDM Administration Console:
1. Ask the MDM administrator to display the "Enable DoD Banner" check box and "Banner Text" field in the "Android Restrictions" rule.
2. Verify the "Enable DoD Banner" check box is selected.
3. Verify the correct DoD-specified warning text is displayed in the Banner Text field or the field is blank.

Note: The default device banner matches the required DoD banner. If the DoD banner is enabled without entering any text, the device will display the default text.

On the Samsung Knox for Android device:
1. Reboot the device.
2. Verify the device displays the DoD banner.
3. Verify the DoD banner is set to one of the authorized messages.

If the specified setting is not set to the appropriate value, or the device does not display the DoD banner on reboot, this is a finding.

Documentable

False

Check Content Reference

M

Target Key

2699

Comments