STIGQter: STIG Summary: Samsung Android OS 7 with Knox 2.x Security Technical Implementation Guide

Version: 1 Release: 6 Benchmark Date: 25 Oct 2019

The Samsung Android 7 with Knox must be configured to display the DoD advisory warning message at start-up or each time the user unlocks the device.

DISA Rule

SV-91247r1_rule

Vulnerability Number

V-76551

Group Title

PP-MDF-301200

Rule Version

KNOX-07-004300

Severity

CAT III

CCI(s)

Weight

10

Fix Recommendation

Configure the Samsung Android 7 with Knox to display the DoD-mandated warning banner text.

On the MDM console, do the following:
1. Enter the correct text in the "Banner Text" field in the "DoD Banner" settings in the "Android Security" rule.
2. Select the enable checkbox in the "DoD Banner" settings in the "Android Security" rule.

Note: If enabled without configuring the "Banner Text", the device will display default text that matches the required DoD banner.

Note: On some MDM vendor consoles, the logon banner is automatically displayed upon reboot while the device is MDM enrolled. On these consoles, this control is not configurable through the MDM server or on the device.

Check Contents

Review Samsung Android 7 with Knox documentation and configuration settings to determine if the warning banner is using the appropriate designated wording.

This validation procedure is performed on both the MDM Administration Console and the Samsung Android 7 with Knox device.

On the MDM console, do the following:
1. Ask the MDM administrator to display the "Banner Text" field in the "DoD Banner" settings in the "Android Security" rule.
2. Verify the correct DoD-specified warning text is displayed in the Banner Text field or the field is blank.
3. Ask the MDM administrator to display the enable checkbox in the "DoD Banner" settings in the "Android Security" rule.
4. Verify the checkbox is selected.

On the Samsung Android 7 with Knox device, do the following:
1. Reboot the device.
2. Verify the device displays the DoD banner.
3. Verify the DoD banner is set to one of the authorized messages.

If the MDM console "DoD Banner" enable checkbox is not selected, or the "Banner Text" is not set to the appropriate designated wording, or the Samsung Android 7 with Knox device does not display a warning banner with the appropriate designated wording when rebooted, this is a finding.

Note: If enabled without configuring the "Banner Text", the device will display default text that matches the required DoD banner.

Documentable

False

Check Content Reference

M

Target Key

3253
