STIGQter: STIG Summary: Samsung Android OS 9 with Knox 3.x COPE Use Case KPE(AE) Deployment Security Technical Implementation Guide Version: 1 Release: 3 Benchmark Date: 24 Apr 2020

Samsung Android Workspace must be configured to enforce an application installation policy by specifying an application whitelist that restricts applications by the following characteristics: list of digital signatures, list of package names.

DISA Rule

SV-103839r1_rule

Vulnerability Number

V-93753

Group Title

PP-MDF-301090

Rule Version

KNOX-09-000080

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure Samsung Android Workspace to enforce an application installation whitelist.

The application installation whitelist does not control user access to/execution of all core and preinstalled applications, and guidance for doing so is covered in KNOX-09-000050.

Do one of the following:
- Method #1: Use managed Google Play for the Workspace (managed profile).
- Method #2: Use Knox application installation whitelist.

****

Method #1: On the MDM console, for the Workspace, in the "managed Google Play" group, add each AO-approved package to the managed Google Play application installation whitelist.

****

Method #2: On the MDM console, for the Workspace, in the "Knox application" group, add each AO-approved package to the application installation whitelist.

Refer to the MDM documentation to determine the following:
- If an application installation blacklist is also required to be configured when enforcing an "application installation whitelist".
- If the MDM supports adding packages to the "application installation whitelist" by package name and/or digital signature, or supports a combination of the two.

****

Note: Refer to the "System Apps That Must Not Be Disabled" table in the Supplemental document for this STIG. These apps must be included in the application installation whitelist to allow updates.

Check Contents

Review the Samsung Android Workspace configuration settings to confirm that an application installation whitelist has been configured.

This procedure is performed only on the MDM Administration console.

Confirm if Method #1 or Method #2 is used at the Samsung device site and follow the appropriate procedure.

****

Method #1: On the MDM console, for the Workspace, in the "managed Google Play" group, verify that each package listed on the application installation whitelist has been approved for DoD use by the Authorizing Official (AO).

If the application installation whitelist contains non-AO-approved packages, this is a finding.

****

Method #2: On the MDM console, for the Workspace, in the "Knox application" group, verify that each package listed on the application installation whitelist has been approved for DoD use by the AO.

If the application installation whitelist contains non-AO-approved packages, this is a finding.

Documentable

False

Severity Override Guidance

Check Content Reference

M

Target Key

3507

Comments