STIGQter STIGQter: STIG Summary: Samsung Android OS 7 with Knox 2.x Security Technical Implementation Guide Version: 1 Release: 6 Benchmark Date: 25 Oct 2019: The Samsung Android 7 with Knox must be configured to enable encryption for information at rest on removable storage media or alternately, the use of removable storage media must be disabled.

DISA Rule

SV-91241r1_rule

Vulnerability Number

V-76545

Group Title

PP-MDF-301140

Rule Version

KNOX-07-003000

Severity

CAT I

CCI(s)

Weight

10

Fix Recommendation

Configure the Samsung Android 7 with Knox to enable information at rest protection for removable media.

On the MDM console, do the following:
Enable the "External Storage Encryption" setting in the "Android Security" rule.

Check Contents

If the mobile device does not support removable media, this requirement is not applicable.

Review Samsung Android 7 with Knox configuration settings to determine if data in the mobile device's removable storage media is encrypted.

This validation procedure is performed on both the MDM Administration Console and the Samsung Android 7 with Knox device.

On the MDM console, do the following:
1. Ask the MDM administrator to display the "Storage Encryption" setting in the "Android Security" rule.
2. Verify the "SD Card Encryption" setting is enabled.

On the Samsung Android 7 with Knox device, do the following:
1. Open the device settings.
2. Select "Lock screen and security".
3. Insert a MicroSD card into the device.
4. If the MicroSD card is not already encrypted, select "Encrypt SD card". Verify "The security policy restricts use of SD cards that are not encrypted" is displayed.
5. If the MicroSD card is encrypted, verify "Decrypt SD card" is displayed and cannot be selected.

If the specified encryption settings are not set to the appropriate values, this is a finding.

Vulnerability Number

V-76545

Documentable

False

Rule Version

KNOX-07-003000

Severity Override Guidance

If the mobile device does not support removable media, this requirement is not applicable.

Review Samsung Android 7 with Knox configuration settings to determine if data in the mobile device's removable storage media is encrypted.

This validation procedure is performed on both the MDM Administration Console and the Samsung Android 7 with Knox device.

On the MDM console, do the following:
1. Ask the MDM administrator to display the "Storage Encryption" setting in the "Android Security" rule.
2. Verify the "SD Card Encryption" setting is enabled.

On the Samsung Android 7 with Knox device, do the following:
1. Open the device settings.
2. Select "Lock screen and security".
3. Insert a MicroSD card into the device.
4. If the MicroSD card is not already encrypted, select "Encrypt SD card". Verify "The security policy restricts use of SD cards that are not encrypted" is displayed.
5. If the MicroSD card is encrypted, verify "Decrypt SD card" is displayed and cannot be selected.

If the specified encryption settings are not set to the appropriate values, this is a finding.

Check Content Reference

M

Target Key

3253

Comments