| Checked | Name | Title |
|---|
| ☐ | SV-103931r1_rule | The Samsung Android Workspace must be configured to prevent users from adding personal email accounts to the work email app. |
| ☐ | SV-103933r1_rule | Samsung Android must be configured to enforce the system application disable list. |
| ☐ | SV-103935r1_rule | Samsung Android Workspace must be configured to enforce the system application disable list. |
| ☐ | SV-103937r1_rule | Samsung Android Workspace must be configured to enforce an application installation policy by specifying an application whitelist that restricts applications by the following characteristics: list of digital signatures, list of package names. |
| ☐ | SV-103939r1_rule | The Samsung Android whitelist must be configured to not include applications with the following characteristic: - transmit MD diagnostic data to non-DoD servers. |
| ☐ | SV-103941r1_rule | The Samsung Android Workspace whitelist must be configured to not include applications with the following characteristics: - back up MD data to non-DoD cloud servers (including user and application access to cloud backup services); - transmit MD diagnostic data to non-DoD servers; - voice assistant application if available when MD is locked; - voice dialing application if available when MD is locked; - allows synchronization of data or applications between devices associated with user; and - allows unencrypted (or encrypted but not FIPS 140-2 validated) data sharing with other MDs or printers. |
| ☐ | SV-103943r1_rule | Samsung Android must be configured to enforce an application installation policy by specifying one or more authorized application repositories, including [DoD-approved commercial app repository, MDM server, mobile application store]: - disallow unknown app installation sources. |
| ☐ | SV-103945r1_rule | Samsung Android must be configured to enable the Knox audit log. |
| ☐ | SV-103947r1_rule | Samsung Android must be configured to disable exceptions to the access control policy that prevents [application processes, groups of application processes] from accessing [all, private] data stored by other [application processes, groups of application processes]. |
| ☐ | SV-103949r1_rule | Samsung Android must be configured to create a Knox Workspace. |
| ☐ | SV-103951r1_rule | Samsung Android Workspace must be configured to not display the following notifications when the device is locked: - all notifications. |
| ☐ | SV-103953r1_rule | Samsung Android device users must complete required training. |
| ☐ | SV-103955r1_rule | Any accessory that provides wired networking capabilities to a Samsung Android device must not be connected to a DoD network (for example: DeX Station [LAN port], USB to Ethernet adapter, etc.). |
| ☐ | SV-103957r1_rule | Samsung Android must be configured to enforce a minimum password length of six characters. |
| ☐ | SV-103959r1_rule | Samsung Android must be configured to not allow passwords that include more than two repeating or sequential characters. |
| ☐ | SV-103961r1_rule | Samsung Android must be configured to lock the display after 15 minutes (or less) of inactivity. |
| ☐ | SV-103963r1_rule | Samsung Android Workspace must be configured to lock after 15 minutes (or less) of inactivity. |
| ☐ | SV-103965r1_rule | Samsung Android must be configured to not allow more than 10 consecutive failed authentication attempts. |
| ☐ | SV-103967r1_rule | Samsung Android Workspace must be configured to not allow more than 10 consecutive failed authentication attempts. |
| ☐ | SV-103969r1_rule | Samsung Android must be configured to disable trust agents. Note: This requirement is not applicable (NA) for specific biometric authentication factors included in the products Common Criteria evaluation. |
| ☐ | SV-103971r1_rule | Samsung Android must be configured to disable Face Recognition.
Note: This requirement is not applicable (NA) for specific biometric authentication factors included in the products Common Criteria evaluation. |
| ☐ | SV-103973r1_rule | Samsung Android Workspace must be configured to disable automatic completion of Samsung Internet browser text input. |
| ☐ | SV-103975r1_rule | Samsung Android must be configured to disable multi-user modes. |
| ☐ | SV-103977r2_rule | Samsung Android must be configured to disable all Bluetooth profiles except HSP (Headset Profile), HFP (HandsFree Profile), SPP (Serial Port Profile), A2DP (Advanced Audio Distribution Profile), AVRCP (Audio/Video Remote Control Profile), and PBAP (Phone Book Access Profile). |
| ☐ | SV-103979r1_rule | Samsung Android must be configured to disable USB mass storage mode. |
| ☐ | SV-103981r1_rule | Samsung Android must be configured to enable Knox Common Criteria (CC) Mode. |
| ☐ | SV-103983r1_rule | Samsung Android must be configured to disallow configuration of date and time. |
| ☐ | SV-103985r1_rule | Samsung Android must be configured to enforce a USB host mode exception list. Note: This configuration allows DeX mode (with input devices), which is DoD-approved for use. |
| ☐ | SV-103987r1_rule | Samsung Android Workspace must be configured to disallow the Share Via List feature. |
| ☐ | SV-103989r1_rule | Samsung Android must be configured to not allow backup of [all applications, configuration data] to locally connected systems. |
| ☐ | SV-103991r1_rule | Samsung Android Workspace must be configured to not allow backup of [all applications, configuration data] to remote systems. |
| ☐ | SV-103993r1_rule | Samsung Android must be configured to disable developer modes. |
| ☐ | SV-103995r1_rule | Samsung Android must be configured to enable authentication of personal hotspot connections to the device using a preshared key. |
| ☐ | SV-103997r1_rule | Samsung Android must be configured to enable encryption for data at rest on removable storage media or alternately, the use of removable storage media must be disabled. |
| ☐ | SV-103999r1_rule | Samsung Android Workspace must be configured to enable Certificate Revocation List (CRL) status checking. |
| ☐ | SV-104001r1_rule | Samsung Android must be configured to enable Certificate Revocation List (CRL) status checking. |
| ☐ | SV-104003r2_rule | Samsung Android Workspace must have the DoD root and intermediate PKI certificates installed. |
| ☐ | SV-104007r1_rule | Samsung Android must be configured to display the DoD advisory warning message at startup or each time the user unlocks the device. |
| ☐ | SV-104009r1_rule | Samsung Android devices must have the latest available Samsung Android operating system installed. |
| ☐ | SV-104011r1_rule | Samsung Android Workspace must be configured to enable the Online Certificate Status Protocol (OCSP). |
| ☐ | SV-104013r1_rule | Samsung Android must be configured to enable the Online Certificate Status Protocol (OCSP). |
| ☐ | SV-104015r1_rule | Samsung Android Workspace must be configured to not enable Microsoft Exchange ActiveSync (EAS) password recovery. This requirement is not applicable if not using Microsoft EAS. |
| ☐ | SV-104017r1_rule | Samsung Android must be configured to not enable Microsoft Exchange ActiveSync (EAS) password recovery. This requirement is not applicable if not using Microsoft EAS. |
| ☐ | SV-104019r1_rule | Samsung Android must be configured to set the password history with a length of 0. |
| ☐ | SV-104021r1_rule | Samsung Android Workspace must be configured to set the password history with a length of 0. |
| ☐ | SV-104023r1_rule | Samsung Android must be configured to enforce that Secure Startup is enabled. This requirement is Not Applicable (NA) to Galaxy S10 (or newer) devices. |
| ☐ | SV-104025r2_rule | Samsung Android must be configured to enable a screen-lock policy that will lock the display after a period of inactivity. |
| ☐ | SV-104027r1_rule | Samsung Android Workspace must be configured to enforce a minimum password length of four characters. |
| ☐ | SV-104029r1_rule | Samsung Android Workspace must be configured to not allow passwords that include more than two repeating or sequential characters. |
| ☐ | SV-104031r2_rule | Samsung Android Workspace must be configured to enable a screen-lock policy that will lock the Workspace after a period of inactivity. |
| ☐ | SV-104033r1_rule | Samsung Android must be configured to enforce that Strong Protection is enabled. This requirement is Not Applicable (NA) for devices older than Galaxy S10. |
STIGQter: STIG Summary: