STIGQter STIGQter: STIG Summary: Samsung Android OS 7 with Knox 2.x Security Technical Implementation Guide Version: 1 Release: 6 Benchmark Date: 25 Oct 2019: The Samsung Android 7 with Knox must be configured to enable authentication of personal hotspot connections to the device using a preshared key.

DISA Rule

SV-91257r1_rule

Vulnerability Number

V-76561

Group Title

PP-MDF-301240

Rule Version

KNOX-07-005100

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure the Samsung Android 7 with Knox to enable authentication of personal hotspot connections to the device using a preshared key.

On the MDM console, deselect the "Allow Unsecured Hotspot" checkbox in the "WiFi Policy" rule.

Check Contents

Review Samsung Android 7 with Knox configuration settings to determine if the mobile device has enabled authentication of personal hotspot connections to the device using a preshared key.

This validation procedure is performed on both the MDM Administration Console and the Samsung Android 7 with Knox device.

On the MDM console, do the following:
1. Ask the MDM administrator to display the "Allow Unsecured Hotspot" checkbox in the "WiFi Policy" rule.
2. Verify the checkbox is not selected.

On the Samsung Android 7 with Knox device, do the following:
1. Open the device settings.
2. Select "Mobile hotspot and tethering".
3. Select "Mobile hotspot".
4. Select "Configure Mobile hotspot" more options.
5. Verify that user cannot save configuration with security set to "Open".

If the MDM console "Allow Unsecured Hotspot" checkbox is selected or on the Samsung Android 7 with Knox device, can be configured as a Mobile Hotspot with Open Security, this is a finding.

Vulnerability Number

V-76561

Documentable

False

Rule Version

KNOX-07-005100

Severity Override Guidance

Review Samsung Android 7 with Knox configuration settings to determine if the mobile device has enabled authentication of personal hotspot connections to the device using a preshared key.

This validation procedure is performed on both the MDM Administration Console and the Samsung Android 7 with Knox device.

On the MDM console, do the following:
1. Ask the MDM administrator to display the "Allow Unsecured Hotspot" checkbox in the "WiFi Policy" rule.
2. Verify the checkbox is not selected.

On the Samsung Android 7 with Knox device, do the following:
1. Open the device settings.
2. Select "Mobile hotspot and tethering".
3. Select "Mobile hotspot".
4. Select "Configure Mobile hotspot" more options.
5. Verify that user cannot save configuration with security set to "Open".

If the MDM console "Allow Unsecured Hotspot" checkbox is selected or on the Samsung Android 7 with Knox device, can be configured as a Mobile Hotspot with Open Security, this is a finding.

Check Content Reference

M

Target Key

3253

Comments