STIGQter STIGQter: STIG Summary: Samsung Android OS 9 with Knox 3.x COBO Use Case KPE(Legacy) Deployment Security Technical Implementation Guide Version: 1 Release: 4 Benchmark Date: 24 Jul 2020:

Samsung Android must be configured to enable authentication of personal hotspot connections to the device using a preshared key.

DISA Rule

SV-103705r1_rule

Vulnerability Number

V-93619

Group Title

PP-MDF-301240

Rule Version

KNOX-09-000945

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure Samsung Android to disallow unsecured hotspots.

On the MDM console, in the Knox Wifi restrictions, unselect "allow unsecured hotspot".

Check Contents

Review device configuration to confirm that unsecured hotspots are disallowed.

This procedure is performed on both the MDM Administration console and the Samsung Android device.

On the MDM console, for the device, in the "Knox Wifi" group, verify that "allow unsecured hotspot" is not selected.

On the Samsung Android device, do the following:
1. Open Settings.
2. Tap "Connections".
3. Tap "Mobile Hotspot and Tethering".
4. Tap "Mobile Hotspot".
5. Tap Overflow menu (three vertical dots).
6. Tap "Configure Mobile Hotspot".
7. Tap "Open in Security drop down".
8. Verify that "Save" is disabled.

If on the MDM console "allow unsecured hotspot" is selected, or on the Samsung Android device an Open Mobile Hotspot configuration can be saved, this is a finding.

Vulnerability Number

V-93619

Documentable

False

Rule Version

KNOX-09-000945

Severity Override Guidance

Review device configuration to confirm that unsecured hotspots are disallowed.

This procedure is performed on both the MDM Administration console and the Samsung Android device.

On the MDM console, for the device, in the "Knox Wifi" group, verify that "allow unsecured hotspot" is not selected.

On the Samsung Android device, do the following:
1. Open Settings.
2. Tap "Connections".
3. Tap "Mobile Hotspot and Tethering".
4. Tap "Mobile Hotspot".
5. Tap Overflow menu (three vertical dots).
6. Tap "Configure Mobile Hotspot".
7. Tap "Open in Security drop down".
8. Verify that "Save" is disabled.

If on the MDM console "allow unsecured hotspot" is selected, or on the Samsung Android device an Open Mobile Hotspot configuration can be saved, this is a finding.

Check Content Reference

M

Target Key

3497

Comments