STIGQter: STIG Summary: Samsung Android 11 with Knox 3.x AE Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 20 Nov 2020:

Samsung Android must be configured to enforce an application installation policy by specifying one or more authorized application repositories, including DoD-approved commercial app repository, management tool server, or mobile application store.

DISA Rule

SV-230977r607691_rule

Vulnerability Number

V-230977

Group Title

PP-MDF-301080

Rule Version

KNOX-11-001300

Severity

CAT II

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.
• CCI-001806 - The organization defines methods to be employed to enforce the software installation policies.

Weight

10

Fix Recommendation

Configure Samsung Android to disable unauthorized application repositories.

On the management tool, in the AE device restrictions section, set "installs from unknown sources globally" to "Disallow".

NOTE: Google Play must not be disabled. Disabling Google Play will cause system instability and critical updates will not be received.

Check Contents

Review Samsung Android configuration settings to determine if the mobile device has only approved application repositories (DoD-approved commercial app repository, management tool server, and/or mobile application store).

This validation procedure is performed on both the management tool Administration Console and the Samsung Android device.

On the management tool, in the device restrictions section, verify that "installs from unknown sources globally" is set to "Disallow".

On the Samsung Android device:
1. Open Settings >> Apps >> (Overflow menu) >> Special access >> Install unknown apps.
2. Tap (Overflow menu) >> Show system apps.
3. In the "Personal" tab, ensure that each app listed has the status "Disabled" under the app name or that no apps are listed.
4. In the "Work" tab, ensure that each app listed has the status "Disabled" under the app name or that no apps are listed.

If on the management tool "installs from unknown sources globally" is not set to "Disallow", or on the Samsung Android device an app is listed with a status other than "Disabled", this is a finding.

NOTE: Google Play must not be disabled. Disabling Google play will cause system instability and critical updates will not be received.

Vulnerability Number

V-230977

Documentable

False

Rule Version

KNOX-11-001300

Severity Override Guidance

Review Samsung Android configuration settings to determine if the mobile device has only approved application repositories (DoD-approved commercial app repository, management tool server, and/or mobile application store).

This validation procedure is performed on both the management tool Administration Console and the Samsung Android device.

On the management tool, in the device restrictions section, verify that "installs from unknown sources globally" is set to "Disallow".

On the Samsung Android device:
1. Open Settings >> Apps >> (Overflow menu) >> Special access >> Install unknown apps.
2. Tap (Overflow menu) >> Show system apps.
3. In the "Personal" tab, ensure that each app listed has the status "Disabled" under the app name or that no apps are listed.
4. In the "Work" tab, ensure that each app listed has the status "Disabled" under the app name or that no apps are listed.

If on the management tool "installs from unknown sources globally" is not set to "Disallow", or on the Samsung Android device an app is listed with a status other than "Disabled", this is a finding.

NOTE: Google Play must not be disabled. Disabling Google play will cause system instability and critical updates will not be received.

Check Content Reference

M

Target Key

5247

Comments