STIGQter: STIG Summary: Samsung Android 11 with Knox 3.x AE Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 20 Nov 2020:

Samsung Android Work Environment must be configured to disable exceptions to the access control policy that prevents application processes, groups of application processes from accessing all, private data stored by other application processes, groups of application processes. - Disable Copy and Paste data

DISA Rule

SV-230993r607691_rule

Vulnerability Number

V-230993

Group Title

PP-MDF-301260

Rule Version

KNOX-11-009100

Severity

CAT II

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.
• CCI-002191 - The organization defines the information flow control policies to be enforced by the information system using protected processing domains.

Weight

10

Fix Recommendation

Configure Samsung Android Work Environment to enable the access control policy that prevents groups of application processes from accessing all data stored by other groups of application processes.

This guidance is for disabling the sharing of clipboard data from the Work Environment to the Personal Environment and is applicable to COPE only.

On the management tool, in the Work Environment restrictions section, set "Cross profile copy/paste" to "Disallow".

Check Contents

Review Samsung Android Work Environment configuration settings to determine if the access control policy prevents groups of application processes from accessing all data stored by other groups of application processes.

This procedure is for verifying that the sharing of clipboard data from the Work Environment to the Personal Environment is disabled and is applicable to COPE only.

This validation procedure is performed on both the management tool Administration Console and the Samsung Android device.

On the management tool, in the Work Environment restrictions section, set "Cross profile copy/paste" to "Disallow".

On the Samsung Android device:
1. Using any Work Environment app, copy text to the clipboard.
2. Using any Personal Environment app, verify that the clipboard text cannot be pasted.

If on the management tool "Cross profile copy/paste" is not set to "Disallow", or on the Samsung Android device the clipboard text can be pasted into a Personal Environment app, this is a finding.

Vulnerability Number

V-230993

Documentable

False

Rule Version

KNOX-11-009100

Severity Override Guidance

Review Samsung Android Work Environment configuration settings to determine if the access control policy prevents groups of application processes from accessing all data stored by other groups of application processes.

This procedure is for verifying that the sharing of clipboard data from the Work Environment to the Personal Environment is disabled and is applicable to COPE only.

This validation procedure is performed on both the management tool Administration Console and the Samsung Android device.

On the management tool, in the Work Environment restrictions section, set "Cross profile copy/paste" to "Disallow".

On the Samsung Android device:
1. Using any Work Environment app, copy text to the clipboard.
2. Using any Personal Environment app, verify that the clipboard text cannot be pasted.

If on the management tool "Cross profile copy/paste" is not set to "Disallow", or on the Samsung Android device the clipboard text can be pasted into a Personal Environment app, this is a finding.

Check Content Reference

M

Target Key

5247

Comments