STIGQter: STIG Summary: Samsung Android OS 6 (with KNOX 2.x) Security Technical Implementation Guide

Version: 1

Release: 2

Benchmark Date: 27 Jan 2017

| Name | Title |
| --- | --- |
| SV-84211r1_rule | All mobile operating system cryptography supporting DoD functionality must be FIPS 140-2 validated. |
| SV-84213r1_rule | The Samsung KNOX for Android platform must protect data at rest on built-in storage media. |
| SV-84215r1_rule | The Samsung KNOX for Android platform must protect data at rest on removable storage media. |
| SV-84217r1_rule | The Samsung KNOX for Android platform must enforce a minimum password length of six characters. |
| SV-84219r1_rule | The Samsung KNOX for Android platform must not allow more than 10 consecutive failed authentication attempts. |
| SV-84221r1_rule | The Samsung KNOX for Android platform must lock the display after 15 minutes (or less) of inactivity. |
| SV-84223r1_rule | The Samsung KNOX for Android platform must lock the container after 15 minutes (or less) of inactivity. |
| SV-84225r1_rule | The Samsung KNOX for Android platform must be configured to disable Google Play. |
| SV-84227r1_rule | The Samsung KNOX for Android platform must enforce an application installation policy by disabling application installation from unknown sources. |
| SV-84229r1_rule | The Samsung KNOX for Android platform must enforce an application installation policy by specifying an application whitelist. |
| SV-84231r1_rule | The Samsung KNOX for Android platform must not allow use of developer modes. |
| SV-84233r1_rule | The Samsung KNOX for Android platform must have DoD root and intermediate PKI certificates installed on the device. |
| SV-84235r1_rule | The Samsung KNOX for Android platform must be configured to disable Allow New Admin Install. |
| SV-84237r1_rule | The Samsung KNOX for Android platform must have the Application Install Blacklist configured. |
| SV-84239r1_rule | The Samsung KNOX for Android platform whitelist must not include any pre-installed (core) applications not approved for DoD use by the Authorizing Official (AO). |
| SV-84241r1_rule | The Samsung KNOX for Android platform whitelist must not include applications that allow synchronization of data or applications between devices associated with the user. |
| SV-84243r1_rule | The Samsung KNOX for Android platform whitelist must not include applications that process payments. |
| SV-84245r1_rule | The Samsung KNOX for Android platform whitelist must not include applications that back up device data to non-DoD cloud servers (including user and application access to cloud backup services). |
| SV-84247r1_rule | The Samsung KNOX for Android platform must be configured to disable backup to remote systems. |
| SV-84249r1_rule | The Samsung KNOX for Android platform must be configured to disable Google Crash Report. |
| SV-84251r1_rule | The Samsung KNOX for Android platform must be configured to disable USB host storage. |
| SV-84253r1_rule | The Samsung KNOX for Android platform must not allow passwords that include more than two repeating or sequential characters. |
| SV-84255r1_rule | The Samsung KNOX for Android platform must be configured to disable Multi-User mode. |
| SV-84257r1_rule | The Samsung KNOX for Android platform must be configured to disable S Voice. |
| SV-84259r1_rule | The Samsung KNOX for Android platform must be configured to disable Allow NFC. |
| SV-84261r1_rule | The Samsung KNOX for Android platform must be configured to disable Nearby devices. |
| SV-84263r1_rule | The Samsung KNOX for Android platform must be configured to disable USB mass storage mode. |
| SV-84265r1_rule | The Samsung KNOX for Android platform must be configured to disable automatic updates of system software. |
| SV-84267r1_rule | The Samsung KNOX for Android platform must not display notifications when the device is locked. |
| SV-84269r1_rule | The Samsung KNOX for Android platform must not allow backup to locally connected systems. |
| SV-84271r1_rule | The Samsung KNOX for Android platform must enable virtual private networks (VPN) protection. |
| SV-84273r1_rule | The Samsung KNOX for Android platform must be configured to disable authentication mechanisms providing user access to protected data other than a Password Authentication Factor (e.g., using a fingerprint), unless the mechanism is DoD-approved. |
| SV-84275r1_rule | The Samsung KNOX for Android platform must disable authentication mechanisms providing user access to protected data other than a Password Authentication Factor. |
| SV-84277r1_rule | The Samsung KNOX for Android platform must be configured to disable VPN split-tunneling (if the mobile device provides a configurable control for FDP_IFC_EXT.1.1). |
| SV-84279r1_rule | The Samsung KNOX for Android platform must be configured to enable the access control policy that prevents groups of application processes from accessing all data stored by other groups of application processes. |
| SV-84281r1_rule | The Samsung KNOX for Android platform must be configured to Disable Admin Remove. |
| SV-84283r1_rule | The Samsung KNOX for Android platform must be configured to enable a Certificate Revocation Status (CRL) Check. |
| SV-84285r1_rule | The Samsung KNOX for Android platform must be configured to disable Enable Smart Lock. |
| SV-84285r2_rule | The Samsung KNOX for Android platform must be configured to disable Enable Smart Lock. |
| SV-84287r1_rule | The Samsung KNOX for Android platform must disable the automatic transfer of diagnostic data to an external device. |
| SV-84289r1_rule | The Samsung KNOX for Android platform must disable Report diagnostic info. |
| SV-84291r1_rule | The Samsung KNOX for Android platform must display the DoD advisory warning message at start-up or each time the user unlocks the device. |
| SV-84293r1_rule | The Samsung KNOX for Android platform must be configured to disable manual date and time changes. |
| SV-84295r1_rule | The Samsung KNOX for Android container must be configured to enforce a minimum password length of four characters. |
| SV-84297r1_rule | The Samsung KNOX for Android container must be configured to disable sharing of calendar information outside the container. |
| SV-84299r1_rule | The Samsung KNOX for Android container must be configured to prohibit more than 10 consecutive failed authentication attempts. |
| SV-84301r1_rule | The Samsung KNOX for Android container must be configured to disable sharing of contact information outside the container. |
| SV-84303r1_rule | The Samsung KNOX for Android container must be configured to disable sharing of notification details outside the container when the container is locked. |
| SV-84305r1_rule | The Samsung KNOX for Android container must be enabled. |
| SV-84307r1_rule | The Samsung KNOX for Android platform must be configured to enable CC mode. |
| SV-84309r1_rule | The Samsung KNOX for Android platform must be configured to disable all Bluetooth profiles except for HSP (Headset Profile), HFP (Hands-Free Profile), and SPP (Serial Port Profile). |
| SV-84311r1_rule | The Samsung KNOX for Android container must enforce an application installation policy by specifying an application whitelist. |
| SV-84313r1_rule | The Samsung KNOX for Android container must have the application install blacklist configured. |
| SV-84315r1_rule | The Samsung KNOX for Android container must be configured to disable Move Applications to Container. |
| SV-84317r1_rule | The Samsung KNOX for Android container must be configured to disable Move Files from Container to Personal. |
| SV-84319r1_rule | The Samsung KNOX for Android container must have the application disable list configured. |
| SV-84321r1_rule | The Samsung KNOX for Android container must be configured to disable automatic completion of browser text input. |
| SV-84323r1_rule | The Samsung KNOX for Android container must not allow passwords that include more than two repeating or sequential characters. |
| SV-84325r1_rule | The Samsung KNOX for Android container must have the Account Whitelist configured. |
| SV-84327r1_rule | The Samsung KNOX for Android container must have the Account Blacklist configured. |
| SV-84329r1_rule | The Samsung KNOX for Android container must have the minimum password complexity configured. |
| SV-84371r1_rule | The Samsung KNOX for Android platform must be configured to enable Google Play Inside KNOX. |