STIGQter: STIG Summary: Samsung Android 11 with Knox 3.x AE Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 20 Nov 2020: STIGQter: STIG Summary: Samsung Android 11 with Knox 3.x AE Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 20 Nov 2020:SV-230997r607691_rule
V-230997
PP-MDF-991000
KNOX-11-017700
CAT II
10
Configure the Samsung Android device to enforce the system application disable list.
This guidance is only for the Personal Environment of a COPE deployment.
The required configuration is the default configuration when the device is enrolled as an AE deployment.
If the device configuration is changed, use the following procedure to bring the device back into compliance:
On the management tool, configure a list of approved Google core and preinstalled apps in the core app allowlist.
Review Samsung Android Personal Environment configuration settings to determine if the system application disable list is enforced.
This procedure is only for the Personal Environment of a COPE deployment.
This validation procedure is performed on both the management tool Administration Console and the Samsung Android device.
The required configuration is the default configuration when the device is enrolled as an AE deployment.
On the management tool, verify that the "core app allowlist" contains only approved core and preinstalled apps.
On the Samsung Android device, review the Personal Environment apps and confirm that only approved core and preinstalled apps are listed.
If on the management tool the "core app allowlist" contains non-approved core and preinstalled apps, or on the Samsung Android device non-approved apps are listed, this is a finding.
V-230997
False
KNOX-11-017700
Review Samsung Android Personal Environment configuration settings to determine if the system application disable list is enforced.
This procedure is only for the Personal Environment of a COPE deployment.
This validation procedure is performed on both the management tool Administration Console and the Samsung Android device.
The required configuration is the default configuration when the device is enrolled as an AE deployment.
On the management tool, verify that the "core app allowlist" contains only approved core and preinstalled apps.
On the Samsung Android device, review the Personal Environment apps and confirm that only approved core and preinstalled apps are listed.
If on the management tool the "core app allowlist" contains non-approved core and preinstalled apps, or on the Samsung Android device non-approved apps are listed, this is a finding.
M
5247