STIGQter: STIG Summary: Samsung Android 11 with Knox 3.x AE Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 20 Nov 2020: STIGQter: STIG Summary: Samsung Android 11 with Knox 3.x AE Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 20 Nov 2020:SV-231000r607691_rule
V-231000
PP-MDF-991000
KNOX-11-018500
CAT II
10
Enroll the Samsung Android device in a DoD-approved use case by either of the following methods:
Method #1: Work profile for company-owned devices (COPE)
On the management tool, configure the default enrollment as "Work profile for company-owned devices".
****
Method #2: Fully Managed (COBO)
On the management tool, configure the default enrollment as "Fully managed".
****
Refer to the management tool documentation to determine how to configure the device enrollment.
Confirm if Method #1 or #2 is used at the Samsung device site and follow the appropriate procedure.
This validation procedure is performed on both the management tool Administration Console and the Samsung Android device.
****
Validation Procedure for Method #1: Work profile for company-owned devices (COPE)
On the management tool, verify that the default enrollment is set to "Work profile for company-owned devices".
On the Samsung Android device:
1. Open Settings >> Work profile >> Other security settings >> Device admin apps.
2. Verify that the management tool Agent is listed.
3. Go to the app drawer.
4. Verify that a "Personal" and "Work" tab are present.
If on the management tool the default enrollment is not set as "Work profile for company-owned devices", or on the Samsung Android device the "Personal" and "Work" tabs are not present or the management tool Agent is not listed, this is a finding.
****
Validation Procedure for Method #2: Fully Managed (COBO)
On the management tool, verify that the default enrollment is set as "Fully managed".
On the Samsung Android device:
1. Open Settings >> Biometric and security >> Other security settings >> Device admin apps.
2. Verify that the management tool Agent is listed.
****
If on the management tool the default enrollment is not set as "Fully managed", or the management tool Agent is not listed, this is a finding.
V-231000
False
KNOX-11-018500
Confirm if Method #1 or #2 is used at the Samsung device site and follow the appropriate procedure.
This validation procedure is performed on both the management tool Administration Console and the Samsung Android device.
****
Validation Procedure for Method #1: Work profile for company-owned devices (COPE)
On the management tool, verify that the default enrollment is set to "Work profile for company-owned devices".
On the Samsung Android device:
1. Open Settings >> Work profile >> Other security settings >> Device admin apps.
2. Verify that the management tool Agent is listed.
3. Go to the app drawer.
4. Verify that a "Personal" and "Work" tab are present.
If on the management tool the default enrollment is not set as "Work profile for company-owned devices", or on the Samsung Android device the "Personal" and "Work" tabs are not present or the management tool Agent is not listed, this is a finding.
****
Validation Procedure for Method #2: Fully Managed (COBO)
On the management tool, verify that the default enrollment is set as "Fully managed".
On the Samsung Android device:
1. Open Settings >> Biometric and security >> Other security settings >> Device admin apps.
2. Verify that the management tool Agent is listed.
****
If on the management tool the default enrollment is not set as "Fully managed", or the management tool Agent is not listed, this is a finding.
M
5247