STIGQter: STIG Summary: Samsung Android OS 10 with Knox 3.x Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 20 Mar 2020:

Samsung Android Work Environment must allow only the Administrator (management tool) to perform the following management function: install/remove DoD root and intermediate PKI certificates.

DISA Rule

SV-109097r1_rule

Vulnerability Number

V-99993

Group Title

PP-MDF-992000

Rule Version

KNOX-10-012400

Severity

CAT II

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.
• CCI-000370 - The organization employs automated mechanisms to centrally manage configuration settings for organization-defined information system components.

Weight

10

Fix Recommendation

Configure Samsung Android Work Environment to prevent a user from removing DoD root and intermediate PKI certificates.

Do one of the following:
- Method #1: Disallow user from configuring any credential.
- Method #2: Disallow user from removing certificates.

****

Method #1: Disallow user from configuring any credential.

On the management tool, in the Work Environment restrictions section, set "Config credentials" to "Disallow".

****

Method #2: Disallow user from removing certificates.

On the management tool, in the Work Environment KPE restrictions section, set "User Remove Certificates" to "Disallow".

Check Contents

Review Samsung Android Work Environment configuration settings to determine if the user is unable to remove DoD root and intermediate PKI certificates.

Confirm if Method #1 or #2 is used at the Samsung device site and follow the appropriate procedure.

This validation procedure is performed on both the management tool Administration Console and the Samsung Android device.

****

Method #1: Disallow user from configuring any credential.

On the management tool, in the Work Environment restrictions section, verify that "Config credentials" is set to "Disallow".

On the Samsung Android device, do the following:
1. Open Settings >> Biometrics and security >> Other security settings >> View security certificates.
2. In the System tab, verify that no listed certificate in the Work Environment can be untrusted.
3. In the User tab, verify that no listed certificate in the Work Environment can be removed.

If on the management tool the device "Config credentials" is not set to "Disallow", or on the Samsung Android device a certificate can be untrusted or removed, this is a finding.

****

Method #2: Disallow user from removing certificates.

On the management tool, in the device KPE restrictions section, verify "User Remove Certificates" is set to "Disallow".

On the Samsung Android device, do the following:
1. Open Settings >> Biometrics and security >> Other security settings >> View security certificates.
2. In the System tab, verify that no listed certificate in the Work Environment can be untrusted.
3. In the User tab, verify that no listed certificate in the Work Environment can be removed.

If on the management tool the device "User Remove Certificates" is not set to "Disallow", or on the Samsung Android device a certificate can be untrusted or removed, this is a finding.

Vulnerability Number

V-99993

Documentable

False

Rule Version

KNOX-10-012400

Severity Override Guidance

Review Samsung Android Work Environment configuration settings to determine if the user is unable to remove DoD root and intermediate PKI certificates.

Confirm if Method #1 or #2 is used at the Samsung device site and follow the appropriate procedure.

This validation procedure is performed on both the management tool Administration Console and the Samsung Android device.

****

Method #1: Disallow user from configuring any credential.

On the management tool, in the Work Environment restrictions section, verify that "Config credentials" is set to "Disallow".

On the Samsung Android device, do the following:
1. Open Settings >> Biometrics and security >> Other security settings >> View security certificates.
2. In the System tab, verify that no listed certificate in the Work Environment can be untrusted.
3. In the User tab, verify that no listed certificate in the Work Environment can be removed.

If on the management tool the device "Config credentials" is not set to "Disallow", or on the Samsung Android device a certificate can be untrusted or removed, this is a finding.

****

Method #2: Disallow user from removing certificates.

On the management tool, in the device KPE restrictions section, verify "User Remove Certificates" is set to "Disallow".

On the Samsung Android device, do the following:
1. Open Settings >> Biometrics and security >> Other security settings >> View security certificates.
2. In the System tab, verify that no listed certificate in the Work Environment can be untrusted.
3. In the User tab, verify that no listed certificate in the Work Environment can be removed.

If on the management tool the device "User Remove Certificates" is not set to "Disallow", or on the Samsung Android device a certificate can be untrusted or removed, this is a finding.

Check Content Reference

M

Target Key

3613

Comments