STIGQter: STIG Summary: Samsung Android OS 9 with Knox 3.x COBO Use Case KPE(Legacy) Deployment Security Technical Implementation Guide Version: 1 Release: 4 Benchmark Date: 24 Jul 2020:

Samsung Android must be configured to enable encryption for data at rest on removable storage media or alternately, the use of removable storage media must be disabled.

DISA Rule

SV-103707r1_rule

Vulnerability Number

V-93621

Group Title

PP-MDF-301140

Rule Version

KNOX-09-000985

Severity

CAT I

CCI(s)

• CCI-001199 - The information system protects the confidentiality and/or integrity of organization-defined information at rest.

Weight

10

Fix Recommendation

Configure Samsung Android to enable Knox external storage encryption.

If the mobile device does not support removable media, this guidance is not applicable.

On the MDM console, for the device, in the "Knox encryption" group, select "enable external storage encryption".

Check Contents

Review device configuration settings to determine if Knox external storage encryption is enabled.

If the mobile device does not support removable media, this procedure is not applicable and is not a finding.

This procedure is performed on both the MDM Administration console and the Samsung Android device.

On the MDM console, for the device, in the "Knox encryption" group, verify that "enable external storage encryption" is selected.

On the Samsung Android device, verify that a MicroSD card must be encrypted before use.

If on the MDM console "enable external storage encryption" is not selected, or a MicroSD card can be used on the Samsung Android device without first being encrypted, this is a finding.

Vulnerability Number

V-93621

Documentable

False

Rule Version

KNOX-09-000985

Severity Override Guidance

Review device configuration settings to determine if Knox external storage encryption is enabled.

If the mobile device does not support removable media, this procedure is not applicable and is not a finding.

This procedure is performed on both the MDM Administration console and the Samsung Android device.

On the MDM console, for the device, in the "Knox encryption" group, verify that "enable external storage encryption" is selected.

On the Samsung Android device, verify that a MicroSD card must be encrypted before use.

If on the MDM console "enable external storage encryption" is not selected, or a MicroSD card can be used on the Samsung Android device without first being encrypted, this is a finding.

Check Content Reference

M

Target Key

3497

Comments