STIGQter STIGQter: STIG Summary: Samsung Android OS 7 with Knox 2.x Security Technical Implementation Guide Version: 1 Release: 6 Benchmark Date: 25 Oct 2019: If a third-party VPN client is installed in the personal space/container, it must not be configured with a DoD network (work) VPN profile.

DISA Rule

SV-91301r1_rule

Vulnerability Number

V-76605

Group Title

PP-MDF-301060

Rule Version

KNOX-07-017130

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

If a third-party VPN client is installed in the personal space/container on a Samsung Android 7 with Knox device, do not configure the VPN client with a DoD network VPN profile.

Check Contents

Not Applicable for the COBO use case.

Review Samsung Android 7 with Knox configuration settings to determine if any third-party VPN client installed in the personal space/container on the device has been configured with a DoD network (work) VPN profile.

This validation procedure is performed on the Samsung Android 7 with Knox device only.

On the Samsung Android 7 with Knox device, do the following:
1. Open the device settings.
2. Select "Apps".
3. Review the list of apps and if there are any VPN client apps installed open each one in turn. Review the list of VPN profiles configured on the VPN client.
4. Verify there are no DoD network VPN profiles configured on the VPN client.

If any third-party VPN client installed in the personal space/container has a DoD network VPN profile configured on the client, this is a finding.

Note: This setting cannot be managed by the MDM administrator and is a User Based Enforcement (UBE) requirement (unless an application white list/black list is configured for the personal space/container).

Vulnerability Number

V-76605

Documentable

False

Rule Version

KNOX-07-017130

Severity Override Guidance

Not Applicable for the COBO use case.

Review Samsung Android 7 with Knox configuration settings to determine if any third-party VPN client installed in the personal space/container on the device has been configured with a DoD network (work) VPN profile.

This validation procedure is performed on the Samsung Android 7 with Knox device only.

On the Samsung Android 7 with Knox device, do the following:
1. Open the device settings.
2. Select "Apps".
3. Review the list of apps and if there are any VPN client apps installed open each one in turn. Review the list of VPN profiles configured on the VPN client.
4. Verify there are no DoD network VPN profiles configured on the VPN client.

If any third-party VPN client installed in the personal space/container has a DoD network VPN profile configured on the client, this is a finding.

Note: This setting cannot be managed by the MDM administrator and is a User Based Enforcement (UBE) requirement (unless an application white list/black list is configured for the personal space/container).

Check Content Reference

M

Target Key

3253

Comments