STIGQter STIGQter: STIG Summary: Samsung Android OS 7 with Knox 2.x Security Technical Implementation Guide Version: 1 Release: 6 Benchmark Date: 25 Oct 2019: The Samsung Android 7 with Knox must implement the management setting: Enable Certificate Revocation Status (CRL) Check.

DISA Rule

SV-91285r1_rule

Vulnerability Number

V-76589

Group Title

PP-MDF-991000

Rule Version

KNOX-07-013000

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure the Samsung Android 7 with Knox to enable a Certificate Revocation Status (CRL) Check.

On the MDM console, do the following:
1. Enter the string '*' (asterisk) in the package list in the "Certificate Revocation Check (CRL)" settings in the "Android Certificate" rule.
2. Select the enable checkbox in the "Certificate Revocation Check (CRL)" settings in the "Android Certificate" rule.

Check Contents

Review Samsung Android 7 with Knox configuration settings to determine if the mobile device is configured to enable a Certificate Revocation Status (CRL) Check.

This validation procedure is performed on the MDM Administration Console only.

On the MDM console, do the following:
1. Ask the MDM administrator to display the package list in the "Certificate Revocation Check (CRL)" settings in the "Android Certificate" rule.
2. Verify the string is '*' (asterisk).
3. Ask the MDM administrator to display the enable checkbox in the "Certificate Revocation Check (CRL)" settings in the "Android Certificate" rule.
4. Verify the checkbox is selected.

If the MDM console "Certificate Revocation Check (CRL)" settings are not enabled for all packages, this is a finding.

Vulnerability Number

V-76589

Documentable

False

Rule Version

KNOX-07-013000

Severity Override Guidance

Review Samsung Android 7 with Knox configuration settings to determine if the mobile device is configured to enable a Certificate Revocation Status (CRL) Check.

This validation procedure is performed on the MDM Administration Console only.

On the MDM console, do the following:
1. Ask the MDM administrator to display the package list in the "Certificate Revocation Check (CRL)" settings in the "Android Certificate" rule.
2. Verify the string is '*' (asterisk).
3. Ask the MDM administrator to display the enable checkbox in the "Certificate Revocation Check (CRL)" settings in the "Android Certificate" rule.
4. Verify the checkbox is selected.

If the MDM console "Certificate Revocation Check (CRL)" settings are not enabled for all packages, this is a finding.

Check Content Reference

M

Target Key

3253

Comments