STIGQter: STIG Summary: Samsung Android OS 10 with Knox 3.x Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 20 Mar 2020: STIGQter: STIG Summary: Samsung Android OS 10 with Knox 3.x Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 20 Mar 2020:SV-109037r1_rule
V-99933
PP-MDF-301140
KNOX-10-001900
CAT I
10
Configure Samsung Android to enable data-at-rest protection for removable media, or alternatively, disable the use of removable storage media.
Do one of the following:
- Method #1: Disable SD card (if not using SD card).
- Method #2: Enable data-at-rest protection.
****
Method #1: Disable SD card (if not using SD card).
On the management tool, in the device restrictions section, set "SD Card" to "Disable".
****
Method #2: Enable data-at-rest protection.
On the management tool, in the device KPE encryption section, set "External storage encryption" to "Enable".
If the mobile device does not support removable media, this requirement is not applicable.
Review Samsung Android configuration settings to determine if data in the mobile device is removable storage media is encrypted, or alternatively, the use of removable storage media is disabled.
Confirm if Method #1 or #2 is used at the Samsung device site and follow the appropriate procedure.
This validation procedure is performed on both the management tool Administration Console and the Samsung Android device.
****
Method #1: Disable SD card (if not using SD card).
On the management tool, in the device restrictions section, verify that "SD Card" is set to "Disable".
On the Samsung Android device, verify that a Micro SD card cannot be mounted.
If on the management tool "SD Card" is not set to "Disable", or on the Samsung Android device a microSD card can be mounted, this is a finding.
****
Method #2: Enable data-at-rest protection.
On the management tool, in the device KPE encryption section, verify that "External storage encryption" is set to "Enable".
On the Samsung Android device, do the following:
1. Insert a freshly formatted microSD card.
2. Verify that a prompt appears to encrypt the microSD card.
3. Perform the encryption.
4. Remove and reinsert the microSD card and verify that a notification appears stating that the mounted microSD card is encrypted.
If on the management tool "External storage encryption" is not set to "Enable", or on the Samsung Android device a microSD card can be used without first being encrypted, this is a finding.
V-99933
False
KNOX-10-001900
If the mobile device does not support removable media, this requirement is not applicable.
Review Samsung Android configuration settings to determine if data in the mobile device is removable storage media is encrypted, or alternatively, the use of removable storage media is disabled.
Confirm if Method #1 or #2 is used at the Samsung device site and follow the appropriate procedure.
This validation procedure is performed on both the management tool Administration Console and the Samsung Android device.
****
Method #1: Disable SD card (if not using SD card).
On the management tool, in the device restrictions section, verify that "SD Card" is set to "Disable".
On the Samsung Android device, verify that a Micro SD card cannot be mounted.
If on the management tool "SD Card" is not set to "Disable", or on the Samsung Android device a microSD card can be mounted, this is a finding.
****
Method #2: Enable data-at-rest protection.
On the management tool, in the device KPE encryption section, verify that "External storage encryption" is set to "Enable".
On the Samsung Android device, do the following:
1. Insert a freshly formatted microSD card.
2. Verify that a prompt appears to encrypt the microSD card.
3. Perform the encryption.
4. Remove and reinsert the microSD card and verify that a notification appears stating that the mounted microSD card is encrypted.
If on the management tool "External storage encryption" is not set to "Enable", or on the Samsung Android device a microSD card can be used without first being encrypted, this is a finding.
M
3613