STIGQter STIGQter: STIG Summary: Samsung Android (with Knox 2.x) STIG Version: 1 Release: 4 Benchmark Date: 22 Apr 2016: The Samsung Knox for Android container must be configured to implement the management setting: configure application disable list.

DISA Rule

SV-70397r1_rule

Vulnerability Number

V-56143

Group Title

PP-MDF-991000

Rule Version

KNOX-39-020700

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure the mobile operating system to disable all pre-installed container applications that are not DoD-approved.

On the MDM Administration Console, add all pre-installed container applications that are not DoD-approved to the "Application disable list" setting in the "Android Knox Container -> Container Application" rule.

(Note: Refer to the Supplemental document for additional information.)

Check Contents

This validation procedure is performed on both the MDM Administration Console and the Samsung Knox for Android device.

Check whether the appropriate setting is configured on the MDM Administration Console:
1. Ask the MDM administrator to display the "Application disable list" setting in the "Android Knox Container -> Container Application" rule.
2. Verify the list contains all core and pre-installed applications not approved for DoD use by the Approving Official (AO).
(Note: Refer to the Supplemental document for additional information.)

On the Samsung Knox for Android device:
1. Open the Knox container.
2. Attempt to launch an application that is included on the disable list. (Note: This application should not be visible.)

If the "Application disable list" configuration in the MDM console does not contain all core and pre-installed applications not approved by DoD, or if the user is able to successfully launch an application on this list, this is a finding.

Note: Core applications are apps installed in the operating system by the OS developer. In addition, third-party pre-installed apps are included in the OS build by the device vendor or wireless carrier.

Vulnerability Number

V-56143

Documentable

False

Rule Version

KNOX-39-020700

Severity Override Guidance

This validation procedure is performed on both the MDM Administration Console and the Samsung Knox for Android device.

Check whether the appropriate setting is configured on the MDM Administration Console:
1. Ask the MDM administrator to display the "Application disable list" setting in the "Android Knox Container -> Container Application" rule.
2. Verify the list contains all core and pre-installed applications not approved for DoD use by the Approving Official (AO).
(Note: Refer to the Supplemental document for additional information.)

On the Samsung Knox for Android device:
1. Open the Knox container.
2. Attempt to launch an application that is included on the disable list. (Note: This application should not be visible.)

If the "Application disable list" configuration in the MDM console does not contain all core and pre-installed applications not approved by DoD, or if the user is able to successfully launch an application on this list, this is a finding.

Note: Core applications are apps installed in the operating system by the OS developer. In addition, third-party pre-installed apps are included in the OS build by the device vendor or wireless carrier.

Check Content Reference

M

Target Key

2699

Comments