STIGQter STIGQter: STIG Summary: Samsung Android OS 6 with KNOX 2.x Security Technical Implementation Guide Version: 1 Release: 3 Benchmark Date: 26 Apr 2019: The Samsung KNOX for Android platform must be configured to disable VPN split-tunneling (if the mobile device provides a configurable control for FDP_IFC_EXT.1.1).

DISA Rule

SV-84277r1_rule

Vulnerability Number

V-69655

Group Title

PP-MDF-201029

Rule Version

KNOX-35-024700

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure the mobile operating system to disable VPN split-tunneling (if the mobile device provides a configurable control).

Configure the operating system to enable CC mode.

On the MDM Administration Console, enable the "CC mode" setting in the "Android Restrictions" rule.

If this setting is not available on the console, install the CC mode APK and enable CC mode from this application.

This APK will be made available by Samsung.

Check Contents

Note: This validation procedure is identical to the one for KNOX-39-015600. It only needs to be performed once. If it is found compliant on the first check, it is also compliant here. If it is determined to be a finding on the first check, it is also a finding here. Redundant checks are necessary to maintain requirements traceability and provide complete risk management information to Authorizing Officials (AOs).

This validation procedure is performed on both the MDM Administration Console and the Samsung KNOX for Android device.

Check whether the appropriate setting is configured on the MDM Administration Console:
1. Ask the MDM administrator to display the "CC Mode" settings in the "Android Restrictions" rule.
2. Verify the value is enabled.

Note: If the MDM does not support CC mode, ask the MDM administrator if the Samsung APK has been installed and CC mode enabled.

On the Samsung KNOX for Android device:
1. Open the device settings.
2. Select "About Device".
3. Select "Software info" (Note: On some devices, this step is not needed.)
4. Verify the value of "Security software version" displays "Enforced".

If the CC mode setting is not enabled, or if the "Security software version" on the device does not display "Enforced", this is a finding.

Vulnerability Number

V-69655

Documentable

False

Rule Version

KNOX-35-024700

Severity Override Guidance

Note: This validation procedure is identical to the one for KNOX-39-015600. It only needs to be performed once. If it is found compliant on the first check, it is also compliant here. If it is determined to be a finding on the first check, it is also a finding here. Redundant checks are necessary to maintain requirements traceability and provide complete risk management information to Authorizing Officials (AOs).

This validation procedure is performed on both the MDM Administration Console and the Samsung KNOX for Android device.

Check whether the appropriate setting is configured on the MDM Administration Console:
1. Ask the MDM administrator to display the "CC Mode" settings in the "Android Restrictions" rule.
2. Verify the value is enabled.

Note: If the MDM does not support CC mode, ask the MDM administrator if the Samsung APK has been installed and CC mode enabled.

On the Samsung KNOX for Android device:
1. Open the device settings.
2. Select "About Device".
3. Select "Software info" (Note: On some devices, this step is not needed.)
4. Verify the value of "Security software version" displays "Enforced".

If the CC mode setting is not enabled, or if the "Security software version" on the device does not display "Enforced", this is a finding.

Check Content Reference

M

Target Key

3083

Comments