STIGQter STIGQter: STIG Summary: Samsung Android OS 7 with Knox 2.x Security Technical Implementation Guide Version: 1 Release: 6 Benchmark Date: 25 Oct 2019: The Samsung Android 7 with Knox must be configured to Disable Bixby.

DISA Rule

SV-91309r1_rule

Vulnerability Number

V-76613

Group Title

PP-MDF-991000

Rule Version

KNOX-07-017800

Severity

CAT III

CCI(s)

Weight

10

Fix Recommendation

Configure the Samsung Android 7 with Knox to disable Bixby.

On the MDM console, add all packages associated with the Bixby feature to the "Application disable list" setting in the "Android Applications" rule.

Note: Refer to the Supplemental document for additional information.

Check Contents

Not Applicable if the AO has approved unmanaged personal space/container (COPE use case). The site must have an AO signed document showing the AO has assumed the risk for using an unmanaged personal container.

Review Samsung Android 7 with Knox configuration settings to determine if the mobile device is configured to disable Bixby.

This validation procedure is performed on both the MDM Administration Console and the Samsung Android 7 with Knox device.

On the MDM console, do the following:
1. Ask the MDM administrator to display the "Application disable list" setting in the "Android Application" rule.
2. Verify the list contains all Bixby related packages.

On the Samsung Android 7 with Knox device, do the following:
1. Press the Bixby hardware button.
2. Verify Bixby does not start.

If the Samsung Android 7 with Knox device starts Bixby when pressing the hardware Bixby button, this is a finding.

Vulnerability Number

V-76613

Documentable

False

Rule Version

KNOX-07-017800

Severity Override Guidance

Not Applicable if the AO has approved unmanaged personal space/container (COPE use case). The site must have an AO signed document showing the AO has assumed the risk for using an unmanaged personal container.

Review Samsung Android 7 with Knox configuration settings to determine if the mobile device is configured to disable Bixby.

This validation procedure is performed on both the MDM Administration Console and the Samsung Android 7 with Knox device.

On the MDM console, do the following:
1. Ask the MDM administrator to display the "Application disable list" setting in the "Android Application" rule.
2. Verify the list contains all Bixby related packages.

On the Samsung Android 7 with Knox device, do the following:
1. Press the Bixby hardware button.
2. Verify Bixby does not start.

If the Samsung Android 7 with Knox device starts Bixby when pressing the hardware Bixby button, this is a finding.

Check Content Reference

M

Target Key

3253

Comments