STIGQter: STIG Summary: Samsung Android 11 with Knox 3.x AE Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 20 Nov 2020

Samsung Android must be configured to not display the following (Work Environment) notifications when the device is locked: all notifications.

DISA Rule

SV-230981r607691_rule

Vulnerability Number

V-230981

Group Title

PP-MDF-301120

Rule Version

KNOX-11-002700

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure Samsung Android to not display (Work Environment) notifications when the device is locked.

On the management tool, in the Work Environment restrictions section, set "Unredacted Notifications" to "Disallow".

Check Contents

Review Samsung Android configuration settings to determine if Samsung Android displays (Work Environment) notifications on the lock screen. Notifications of incoming phone calls are acceptable even when the device is locked.

This validation procedure is performed on both the management tool Administration Console and the Samsung Android device.

On the management tool, in the Work Environment restrictions section, verify that "Unredacted Notifications" is set to "Disallow".

For COPE: On the Samsung Android device:
1. Open Settings >> Work profile >> Notification and data.
2. Verify that "Show notification content" is disabled.

If on the management tool "Unredacted Notifications" is not set to "Disallow", or on the Samsung Android device "Show notification content" is not disabled, this is a finding.

***

For COBO: On the Samsung Android device:
1. Open Settings >> Lock screen.
2. Verify that the "Notifications" menu is disabled.

If on the management tool "Unredacted Notifications" is not set to "Disallow", or on the Samsung Android device the "Notifications" menu is not disabled, this is a finding.

Documentable

False

Severity Override Guidance

Check Content Reference

M

Target Key

5247

Comments