UCF STIG Viewer Logo

Samsung Android must be configured to disable multi-user modes (tablets only).


Overview

Finding ID Version Rule ID IA Controls Severity
V-231035 KNOX-11-009800 SV-231035r608683_rule Medium
Description
NOTE: This requirement is only applicable to Samsung tablets. Multi-user mode allows multiple users to share a mobile device by providing a degree of separation between user data. To date, no mobile device with multi-user mode features meets DoD requirements for access control, data separation, and non-repudiation for user accounts. In addition, the MDFPP does not include design requirements for multi-user account services. Disabling multi-user mode mitigates the risk of not meeting DoD multi-user account security policies. SFR ID: FMT_SMF_EXT.1.1 #47b
STIG Date
Samsung Android 11 with Knox 3.x Legacy Security Technical Implementation Guide 2020-12-08

Details

Check Text ( C-33965r592719_chk )
Review Samsung Android configuration settings to determine if multi-user mode is disabled.

This validation procedure is performed on both the management tool Administration Console and the Samsung Android device.

On the management tool, in the device Multiuser section, verify that "Multi-user mode" is set to "Disallow".

On the Samsung Android device, open Settings and verify that the "User" setting is not listed.

If on the management tool "Multi-user mode" is not set to "Disallow", or on the Samsung Android device the "User" setting is available, this is a finding.
Fix Text (F-33938r592720_fix)
Configure Samsung Android to disable multi-user modes.

On the management tool, in the device Multiuser section, set "Multi-user mode" to "Disallow".