STIGQter: STIG Summary: Samsung Android OS 10 with Knox 3.x Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 20 Mar 2020: STIGQter: STIG Summary: Samsung Android OS 10 with Knox 3.x Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 20 Mar 2020:SV-109035r1_rule
V-99931
PP-MDF-301120
KNOX-10-001500
CAT II
10
Configure Samsung Android to not display (Work Environment) notifications when the device is locked.
Do one of the following:
- Method #1: Disable unredacted notifications on the Keyguard (COBO or COPE).
- Method #2: Use KPE notification sanitization for notifications (COPE only).
****
Method #1: Disable unredacted notifications on the Keyguard (COBO or COPE).
On the management tool, in the Work Environment restrictions section, set "Unredacted Notifications" to "Disallow".
****
Method #2: Use KPE notification sanitization for notifications (COPE only).
On the management tool, in the Work Environment KPE RCP section, set "Show detailed notifications" to "Disallow".
Review Samsung Android configuration settings to determine if Samsung Android displays (Work Environment) notifications on the lock screen. Notifications of incoming phone calls are acceptable even when the device is locked.
Confirm if Method #1 or #2 is used at the Samsung device site and follow the appropriate procedure.
This validation procedure is performed on both the management tool Administration Console and the Samsung Android device.
****
Method #1: Disable unredacted notifications on the Keyguard (COBO or COPE).
On the management tool, in the Work Environment restrictions section, verify that "Unredacted Notifications" is set to "Disallow".
For COPE: On the Samsung Android device, do the following:
1. Open Settings >> Work profile >> Notification and data.
2. Verify that "Show notification content" is disabled.
For COBO: On the Samsung Android device, do the following:
1. Open Settings >> Lock screen.
2. Verify that "Notifications" are disabled.
If on the management tool "Unredacted Notifications" is not set to "Disallow", or on the Samsung Android device "Show notification content" is not disabled, this is a finding.
****
Method #2: Use KPE notification sanitization for notifications (COPE only).
On the management tool, in the Work Environment KPE RCP section, verify that "Show detailed notifications" is set to "Disallow".
On the Samsung Android device, do the following:
1. Open Settings >> Work profile >> Notification and data.
2. Verify that "Show notification content" is disabled.
If on the management tool "Show detailed notifications" is not set to "Disallow", or on the Samsung Android device "Show notification content" is not disabled, this is a finding.
V-99931
False
KNOX-10-001500
Review Samsung Android configuration settings to determine if Samsung Android displays (Work Environment) notifications on the lock screen. Notifications of incoming phone calls are acceptable even when the device is locked.
Confirm if Method #1 or #2 is used at the Samsung device site and follow the appropriate procedure.
This validation procedure is performed on both the management tool Administration Console and the Samsung Android device.
****
Method #1: Disable unredacted notifications on the Keyguard (COBO or COPE).
On the management tool, in the Work Environment restrictions section, verify that "Unredacted Notifications" is set to "Disallow".
For COPE: On the Samsung Android device, do the following:
1. Open Settings >> Work profile >> Notification and data.
2. Verify that "Show notification content" is disabled.
For COBO: On the Samsung Android device, do the following:
1. Open Settings >> Lock screen.
2. Verify that "Notifications" are disabled.
If on the management tool "Unredacted Notifications" is not set to "Disallow", or on the Samsung Android device "Show notification content" is not disabled, this is a finding.
****
Method #2: Use KPE notification sanitization for notifications (COPE only).
On the management tool, in the Work Environment KPE RCP section, verify that "Show detailed notifications" is set to "Disallow".
On the Samsung Android device, do the following:
1. Open Settings >> Work profile >> Notification and data.
2. Verify that "Show notification content" is disabled.
If on the management tool "Show detailed notifications" is not set to "Disallow", or on the Samsung Android device "Show notification content" is not disabled, this is a finding.
M
3613