STIGQter: STIG Summary: Samsung Android OS 5 with Knox 2.0 Security Technical Implementation Guide

Version: 1

Release: 4

Benchmark Date: 26 Apr 2019

| Name | Title |
| --- | --- |
| SV-75633r1_rule | All mobile operating system cryptography supporting DoD functionality must be FIPS 140-2 validated. |
| SV-75637r1_rule | The Samsung Knox for Android platform must protect data at rest on built-in storage media. |
| SV-75639r1_rule | The Samsung Knox for Android platform must protect data at rest on removable storage media. |
| SV-75641r1_rule | The Samsung Knox for Android platform must enforce a minimum password length of 6 characters. |
| SV-75643r1_rule | The Samsung Knox for Android platform must not allow more than 10 consecutive failed authentication attempts. |
| SV-75645r1_rule | The Samsung Knox for Android platform must lock the display after 15 minutes (or less) of inactivity. |
| SV-75647r1_rule | The Samsung Knox for Android container must implement the management setting: Lock the container display after 15 minutes (or less) of inactivity. |
| SV-75649r1_rule | The Samsung Knox for Android platform must enforce an application installation policy by specifying one or more authorized application repositories: Disable Google Play. |
| SV-75651r1_rule | The Samsung Knox for Android platform must enforce an application installation policy by specifying one or more authorized application repositories: Disable unknown sources. |
| SV-75653r1_rule | The Samsung Knox for Android platform must enforce an application installation policy by specifying an application whitelist. |
| SV-75655r1_rule | The Samsung Knox for Android platform must not allow use of developer modes. |
| SV-75657r1_rule | The Samsung Knox for Android platform must implement the management setting: Install DoD root and intermediate PKI certificates on the device. |
| SV-75659r2_rule | The Samsung Knox for Android platform must implement the management setting: Disable Allow New Admin Install. |
| SV-75661r1_rule | The Samsung Knox for Android platform must implement the management setting: Configure application install blacklist. |
| SV-75663r1_rule | The Samsung Knox for Android platform whitelist must not include applications with the following characteristics: All pre-installed (core) applications not approved for DoD use by the Approving Official (AO). |
| SV-75665r1_rule | The Samsung Knox for Android platform whitelist must not include applications with the following characteristics: Allows synchronization of data or applications between devices associated with user. |
| SV-75667r1_rule | The Samsung Knox for Android platform whitelist must not include applications with the following characteristics: Payment processing. |
| SV-75669r1_rule | The Samsung Knox for Android platform whitelist must not include applications with the following characteristics: Back up MD data to non-DoD cloud servers (including user and application access to cloud backup services). |
| SV-75671r1_rule | The Samsung Knox for Android platform must not allow backup to remote systems. |
| SV-75673r1_rule | The Samsung Knox for Android platform must disable automatic transfer of diagnostic data to an external device other than an MDM service with which the device has enrolled: Disable Google Crash Report. |
| SV-75675r1_rule | The Samsung Knox for Android platform must implement the management setting: Disable USB host storage. |
| SV-75677r1_rule | The Samsung Knox for Android platform must not allow passwords that include more than two repeating or sequential characters. |
| SV-75679r2_rule | The Samsung Knox for Android platform must be configured to disable multi-user modes. |
| SV-75681r1_rule | The Samsung Knox for Android platform must implement the management setting: Disable S Voice. |
| SV-75683r1_rule | The Samsung Knox for Android platform must implement the management setting: Disable NFC. |
| SV-75685r1_rule | The Samsung Knox for Android platform must implement the management setting: Disable Nearby devices. |
| SV-75687r1_rule | The Samsung Knox for Android platform must not allow a USB mass storage mode. |
| SV-75689r1_rule | The Samsung Knox for Android platform must be configured to disable automatic updates of system software. |
| SV-75691r1_rule | The Samsung Knox for Android platform must not display notifications when the device is locked. |
| SV-75693r1_rule | The Samsung Knox for Android platform must not allow backup to locally connected systems. |
| SV-75695r1_rule | The Samsung Knox for Android platform must enable VPN protection. |
| SV-75697r1_rule | The Samsung Knox for Android platform must be configured to disable authentication mechanisms providing user access to protected data other than a Password Authentication Factor (e.g., using a fingerprint), unless mechanism is DoD approved. |
| SV-75699r1_rule | The Samsung Knox for Android platform must be configured to disable VPN split-tunneling (if the MD provides a configurable control for FDP_IFC_EXT.1.1). |
| SV-75701r1_rule | The Samsung Knox for Android platform must be configured to enable the access control policy that prevents [groups of application processes] from accessing [all] data stored by other [groups of application processes]. |
| SV-75703r1_rule | The Samsung Knox for Android platform must implement the management setting: Disable Admin Remove. |
| SV-75705r1_rule | The Samsung Knox for Android platform must implement the management setting: Enable Certificate Revocation Status Check. |
| SV-75707r1_rule | The Samsung Knox for Android platform must disable authentication mechanisms providing user access to protected data other than a Password Authentication Factor: Disable Enable Smart Lock. |
| SV-75709r1_rule | The Samsung Knox for Android platform must disable automatic transfer of diagnostic data to an external device other than an MDM service with which the device has enrolled: Configure a KNOX on-premise license. |
| SV-75711r1_rule | The Samsung Knox for Android platform must disable automatic transfer of diagnostic data to an external device other than an MDM service with which the device has enrolled: Disable Report diagnostic info. |
| SV-75713r1_rule | The Samsung Knox for Android platform must display the DoD advisory warning message at start-up or each time the user unlocks the device. |
| SV-75715r1_rule | The Samsung Knox for Android platform must implement the management setting: Disable Manual Date Time Changes. |
| SV-75717r1_rule | The Samsung Knox for Android container must implement the management setting: Configure to enforce a minimum password length of 4 characters. |
| SV-75719r1_rule | The Samsung Knox for Android container must implement the management setting: Disable sharing of calendar information outside the container. |
| SV-75721r1_rule | The Samsung Knox for Android container must implement the management setting: Configure to prohibit more than 10 consecutive failed authentication attempts. |
| SV-75723r1_rule | The Samsung Knox for Android container must implement the management setting: Disable sharing of contact information outside the container. |
| SV-75725r1_rule | The Samsung Knox for Android container must implement the management setting: Disable sharing of notification details outside the container. |
| SV-75727r1_rule | The Samsung Knox for Android container must be configured to implement the management setting: Enable container. |
| SV-75729r1_rule | The Samsung Knox for Android platform must implement the management setting: Enable CC mode. |
| SV-75731r1_rule | The Samsung Knox for Android platform must be configured to disable all Bluetooth profiles except for HSP (Headset Profile), HFP (Hands-free Profile), and SPP (Serial Port Profile). |
| SV-75733r1_rule | The Samsung Knox for Android container must enforce an application installation policy by specifying an application whitelist. |
| SV-75735r1_rule | The Samsung Knox for Android container must implement the management setting: Configure application install blacklist. |
| SV-75737r1_rule | The Samsung Knox for Android container must implement the management setting: Disable Move Applications to Container. |
| SV-75739r1_rule | The Samsung Knox for Android container must implement the management setting: Disable Move Files from Container to Personal. |
| SV-75741r1_rule | The Samsung Knox for Android container must implement the management setting: Configure application disable list. |
| SV-75743r1_rule | The Samsung Knox for Android container must implement the management setting: Disable automatic completion of browser text input. |
| SV-75745r1_rule | The Samsung Knox for Android container must not allow passwords that include more than two repeating or sequential characters. |
| SV-75747r1_rule | The Samsung Knox for Android container must implement the management setting: Account whitelist. |
| SV-75749r1_rule | The Samsung Knox for Android container must implement the management setting: Account blacklist. |
| SV-75751r1_rule | The Samsung Knox for Android container must implement the management setting: Configure minimum password complexity. |
| SV-101887r1_rule | Only authorized versions of the Samsung Android OS must be used. |