STIGQter STIGQter: STIG Summary: Samsung Android OS 7 with Knox 2.x Security Technical Implementation Guide Version: 1 Release: 6 Benchmark Date: 25 Oct 2019: The Samsung Android 7 with Knox platform must implement the management setting: Disable Samsung WiFi Sharing.

DISA Rule

SV-91327r1_rule

Vulnerability Number

V-76631

Group Title

PP-MDF-991000

Rule Version

KNOX-07-019200

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Disable WiFi Sharing using one of the following methods:

1. If the AO has not approved hotspot tethering for site Samsung devices, on the MDM console, select the "Disable WiFi Tethering/Mobile Hotspot"" checkbox in the "WiFi Policy" rule.
OR
2. If the AO has approved hotspot tethering for site Samsung devices, on the Samsung device go to Settings >> Connections >> Mobile Hotspot and Tethering >> Mobile Hotspot.

Turn off WiFi Sharing if it is enabled. WiFi Sharing is disabled by default.

Note: Mobile Hotspot must be enabled in order to enable WiFi Sharing.

Check Contents

Verify WiFi Sharing is disabled or alternately, the "WiFi Tethering/Mobile Hotspot" control is disabled.

First, determine if the AO has approved WiFi Tethering/Mobile Hotspot use. Written approval must be presented for verification of AO approval.

If there is no written AO approval that WiFi Tethering/Mobile Hotspot use do the following:
- On the MDM console, verify the "WiFi Tethering/Mobile Hotspot" control is disabled in the "WiFi Policy" rule.

If the AO has approved WiFi Tethering/Mobile Hotspot use do the following:
- On a sample of site Samsung devices, go to Settings >> Connections >> Mobile Hotspot and Tethering >> Mobile Hotspot and verify "Wi-Fi Sharing" is turned off.

Note: This setting cannot be managed by the MDM administrator and is a User Based Enforcement (UBE) requirement.

If the AO has not approved WiFi Tethering/Mobile Hotspot use and on the MDM console the "WiFi Tethering/Mobile Hotspot" control is not disabled in the "WiFi Policy" rule, this is a finding.

If the AO has approved WiFi Tethering/Mobile Hotspot use and the WiFi Sharing setting on a Samsung device is turned on, this is a finding.

Vulnerability Number

V-76631

Documentable

False

Rule Version

KNOX-07-019200

Severity Override Guidance

Verify WiFi Sharing is disabled or alternately, the "WiFi Tethering/Mobile Hotspot" control is disabled.

First, determine if the AO has approved WiFi Tethering/Mobile Hotspot use. Written approval must be presented for verification of AO approval.

If there is no written AO approval that WiFi Tethering/Mobile Hotspot use do the following:
- On the MDM console, verify the "WiFi Tethering/Mobile Hotspot" control is disabled in the "WiFi Policy" rule.

If the AO has approved WiFi Tethering/Mobile Hotspot use do the following:
- On a sample of site Samsung devices, go to Settings >> Connections >> Mobile Hotspot and Tethering >> Mobile Hotspot and verify "Wi-Fi Sharing" is turned off.

Note: This setting cannot be managed by the MDM administrator and is a User Based Enforcement (UBE) requirement.

If the AO has not approved WiFi Tethering/Mobile Hotspot use and on the MDM console the "WiFi Tethering/Mobile Hotspot" control is not disabled in the "WiFi Policy" rule, this is a finding.

If the AO has approved WiFi Tethering/Mobile Hotspot use and the WiFi Sharing setting on a Samsung device is turned on, this is a finding.

Check Content Reference

M

Target Key

3253

Comments