STIGQter STIGQter: STIG Summary: Samsung Android (with Knox 2.x) STIG

Version: 1

Release: 4 Benchmark Date: 22 Apr 2016

CheckedNameTitle
SV-70291r1_ruleThe Samsung Knox for Android platform must be configured to enable data-at-rest protection for built-in storage media.
SV-70293r1_ruleThe Samsung Knox for Android platform must be configured to enable data-at-rest protection for removable storage media.
SV-70295r1_ruleThe Samsung Knox for Android platform must be configured to enforce a minimum password length of 6 characters.
SV-70297r1_ruleThe Samsung Knox for Android platform must be configured to prohibit more than 10 consecutive failed authentication attempts.
SV-70299r1_ruleThe Samsung Knox for Android platform must be configured to lock the display after 15 minutes (or less) of inactivity.
SV-70301r1_ruleThe Samsung Knox for Android container must be configured to lock the display after 15 minutes (or less) of inactivity.
SV-70303r1_ruleThe Samsung Knox for Android platform must be configured to enforce an application installation policy by specifying one or more authorized application repositories: disable Google Play.
SV-70305r1_ruleThe Samsung Knox for Android platform must be configured to enforce an application installation policy by specifying one or more authorized application repositories: disable unknown sources.
SV-70307r1_ruleThe Samsung Knox for Android platform must be configured to enforce an application installation policy by specifying one or more authorized application repositories: enroll in MDM.
SV-70309r1_ruleThe Samsung Knox for Android platform must be configured to enforce an application installation policy through application whitelist specifying a set of allowed applications and versions.
SV-70311r1_ruleThe Samsung Knox for Android platform must be configured to disable USB mass storage mode.
SV-70313r1_ruleThe Samsung Knox for Android platform must be configured to implement the management setting: disable USB debugging.
SV-70315r1_ruleThe Samsung Knox for Android platform must be configured to implement the management setting: disable mock locations.
SV-70317r1_ruleThe Samsung Knox for Android platform must be configured to disable developer modes.
SV-70319r1_ruleThe Samsung Knox for Android platform must be configured to implement the management setting: disable Insecure VPN Connections.
SV-70321r1_ruleThe Samsung Knox for Android platform must be configured to implement the management setting: install DoD root and intermediate PKI certificates on the device.
SV-70323r1_ruleThe Samsung Knox for Android platform must be configured to implement the management setting: whitelist DoD root and intermediate PKI certificates.
SV-70325r1_ruleThe Samsung Knox for Android platform must be configured to implement the management setting. Employ mobile device management services to centrally manage security relevant configuration and policy settings.
SV-70327r1_ruleThe Samsung Knox for Android platform must be configured to implement the management setting: disable Allow New Admin Install.
SV-70329r1_ruleThe Samsung Knox for Android platform must be configured to implement the management setting: configure application install blacklist.
SV-70331r1_ruleThe Samsung Knox for Android platform must be configured to implement the management setting: configure application disable list.
SV-70333r1_ruleThe Samsung Knox for Android platform must be configured to implement the management setting: disable Google auto sync.
SV-70335r1_ruleThe Samsung Knox for Android platform must be configured to implement the management setting: disable Google crash report.
SV-70337r1_ruleThe Samsung Knox for Android platform must be configured to implement the management setting: disable Wi-Fi Direct.
SV-70339r1_ruleThe Samsung Knox for Android platform must be configured to implement the management setting: disable USB host storage.
SV-70341r1_ruleThe Samsung Knox for Android platform must be configured to implement the management setting. Not allow the device unlock password to contain more than two sequential or repeating characters (e.g., 456, aaa).
SV-70343r1_ruleThe Samsung Knox for Android platform must be configured to implement the management setting: disable Google backup.
SV-70345r1_ruleThe Samsung Knox for Android platform must be configured to implement the management setting: configure Knox License.
SV-70347r1_ruleThe Samsung Knox for Android platform must be configured to implement the management setting. Disable multi-user mode.
SV-70349r1_ruleThe Samsung Knox for Android platform must be configured to implement the management setting: disable public cloud backup apps.
SV-70351r1_ruleThe Samsung Knox for Android platform must be configured to implement the user-based enforcement setting: disable messaging preview notifications in lock screen.
SV-70353r1_ruleThe Samsung Knox for Android platform must be configured to implement the management setting: disable S Voice.
SV-70355r1_ruleThe Samsung Knox for Android platform must be configured to implement the management setting. Disable mobile payment.
SV-70357r1_ruleThe Samsung Knox for Android platform must be configured to implement the management setting: disable mobile printing.
SV-70359r1_ruleThe Samsung Knox for Android platform must be configured to implement the management setting: disable NFC.
SV-70361r1_ruleThe Samsung Knox for Android platform must be configured to implement the user-based enforcement setting: disable screen mirroring.
SV-70363r1_ruleThe Samsung Knox for Android platform must be configured to implement the user-based enforcement setting: disable Samsung Account.
SV-70365r1_ruleThe Samsung Knox for Android platform must be configured to implement the user-based enforcement setting: disable Nearby devices.
SV-70367r1_ruleThe Samsung Knox for Android platform must be configured to disable USB media player.
SV-70369r1_ruleThe Samsung Knox for Android platform must be configured to require the user to manifest consent to the terms of the DoD-specified warning banner each time the user unlocks the device.
SV-70371r1_ruleThe Samsung Knox for Android platform must be configured to implement the management setting: disable Manual Date Time Changes.
SV-70373r1_ruleThe Samsung Knox for Android container must be configured to enforce a minimum password length of 4 characters.
SV-70375r1_ruleThe Samsung Knox for Android container must be configured to prohibit more than 10 consecutive failed authentication attempts.
SV-70377r1_ruleThe Samsung Knox for Android container must be configured to implement the management setting: enable container.
SV-70381r1_ruleThe Samsung Knox for Android platform must be configured to implement the management setting: enable CC mode.
SV-70383r1_ruleThe Samsung Knox for Android platform must be configured to implement the management setting: disable all Bluetooth profiles except for HSP (Headset Profile), HFP (Hands-Free Profile), and SPP (Serial Port Profile).
SV-70387r1_ruleThe Samsung Knox for Android container must be configured to enforce an application installation policy through application whitelist specifying a set of allowed applications and versions.
SV-70389r1_ruleThe Samsung Knox for Android container must be configured to implement the management setting: configure application install blacklist.
SV-70391r1_ruleThe Samsung Knox for Android container must be configured to implement the management setting: disable Move Applications to Container.
SV-70393r1_ruleThe Samsung Knox for Android container must be configured to implement the management setting: disable Move Files from Container to Personal.
SV-70395r1_ruleThe Samsung Knox for Android container must be configured to implement the management setting: disable Move Files from Personal to Container.
SV-70397r1_ruleThe Samsung Knox for Android container must be configured to implement the management setting: configure application disable list.
SV-70411r1_ruleThe Samsung Knox for Android container must be configured to implement the management setting: Account whitelist.
SV-70413r1_ruleThe Samsung Knox for Android container must be configured to implement the management setting: Account blacklist.
SV-70415r1_ruleThe Samsung Knox for Android container must be configured to implement the user-based enforcement setting: disable Samsung Account.
SV-71723r1_ruleThe Samsung Knox for Android container must be configured to implement the management setting. Disable sharing of calendar information outside the container.
SV-71725r1_ruleThe Samsung Knox for Android container must be configured to implement the management setting. Disable sharing of contact information outside the container.
SV-71727r1_ruleThe Samsung Knox for Android container must be configured to implement the management setting. Disable sharing of notification details outside the container.
SV-72379r1_ruleThe Samsung Knox for Android platform must be configured to disable firmware updates over-the-air (FOTA).
SV-80995r1_ruleSamsung Android operating systems that are no longer supported by the vendor for security updates must not be installed on a system.