STIGQter: STIG Summary: Samsung Android 11 with Knox 3.x Legacy Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 20 Nov 2020:

Samsung Android Personal Environment must be configured to enforce the system application disable list.

DISA Rule

SV-231038r608683_rule

Vulnerability Number

V-231038

Group Title

PP-MDF-991000

Rule Version

KNOX-11-017800

Severity

CAT II

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

Configure the Samsung Android device to enforce the system application disable list.

This guidance is only for the Personal Environment of a COPE deployment.

On the management tool, in the device application section, add all non-AO-approved system app packages to the "system app disable list".

Check Contents

Review Samsung Android Personal Environment configuration settings to determine if the system application disable list is enforced.

This procedure is only for the Personal Environment of a COPE deployment.

This validation procedure is performed on both the management tool Administration Console and the Samsung Android device.

On the management tool, in the device application section, verify that the "system app disable list" contains all apps that have not been approved for DoD use by the Authorizing Official (AO).

On the Samsung Android device, review the Personal Environment apps and confirm that only approved core and preinstalled app are listed.

If on the management tool the "system app disable list" contains non-approved core and preinstalled apps, or on the Samsung Android device non-approved apps are listed, this is a finding.

Vulnerability Number

V-231038

Documentable

False

Rule Version

KNOX-11-017800

Severity Override Guidance

Review Samsung Android Personal Environment configuration settings to determine if the system application disable list is enforced.

This procedure is only for the Personal Environment of a COPE deployment.

This validation procedure is performed on both the management tool Administration Console and the Samsung Android device.

On the management tool, in the device application section, verify that the "system app disable list" contains all apps that have not been approved for DoD use by the Authorizing Official (AO).

On the Samsung Android device, review the Personal Environment apps and confirm that only approved core and preinstalled app are listed.

If on the management tool the "system app disable list" contains non-approved core and preinstalled apps, or on the Samsung Android device non-approved apps are listed, this is a finding.

Check Content Reference

M

Target Key

5248

Comments