STIGQter: STIG Summary: Samsung Android OS 5 with Knox 2.0 Security Technical Implementation Guide
Version: 1 Release: 4 Benchmark Date: 26 Apr 2019

The Samsung Knox for Android platform must display the DoD advisory warning message at start-up or each time the user unlocks the device.

DISA Rule

SV-75713r1_rule

Vulnerability Number

V-61233

Group Title

PP-MDF-201015

Rule Version

KNOX-36-009700

Severity

CAT III

CCI(s)

Weight

10

Fix Recommendation

Configure the MOS to display the DoD-mandated warning banner text.

On the MDM Administration Console, select the "Enable DoD Banner" check box, and enter the correct text in the "Banner Text" field in the "Android Restrictions" rule.

(**) On some MDM vendor consoles, the logon banner is displayed automatically upon reboot while the device is MDM enrolled. On these consoles, this control is not configurable through the MDM server or on the device.

Check Contents

This validation procedure is performed on both the MDM Administration Console and the Samsung Knox for Android device.

Check whether the appropriate setting is configured on the MDM Administration Console:
1. Ask the MDM administrator to display the "Enable DoD Banner" check box and "Banner Text" field in the "Android Restrictions" rule.
2. Verify the "Enable DoD Banner" check box is selected.
3. Verify the correct DoD-specified warning text is displayed in the Banner Text field or the field is blank.
Note: The default device banner matches the required DoD banner. If the DoD banner is enabled without entering any text, the device will display the default text.

On the Samsung Knox for Android device:
1. Reboot the device.
2. Verify the device displays the DoD banner.
3. Verify the DoD banner is set to one of the authorized messages.

If the specified setting is not set to the appropriate value, or the device does not display the DoD banner on reboot, this is a finding.

Documentable

False

Severity Override Guidance

Check Content Reference

M

Target Key

2889
