UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Samsung Android must [not accept the certificate] when it cannot establish a connection to determine the validity of a certificate.


Overview

Finding ID Version Rule ID IA Controls Severity
V-231036 KNOX-11-014000 SV-231036r608683_rule Low
Description
Certificate-based security controls are dependent on the ability of the system to verify the validity of a certificate. If the MOS were to accept an invalid certificate, it could take unauthorized actions, resulting in unanticipated outcomes. At the same time, if the MOS were to disable functionality when it could not determine the validity of the certificate, this could result in a denial of service. Therefore, the ability to provide exceptions is appropriate to balance the tradeoff between security and functionality. Always accepting certificates when they cannot be determined to be valid is the most extreme exception policy and is not appropriate in the DoD context. Involving an Administrator or user in the exception decision mitigates this risk to some degree. SFR ID: FIA_X509_EXT_2.2
STIG Date
Samsung Android 11 with Knox 3.x Legacy Security Technical Implementation Guide 2020-12-08

Details

Check Text ( C-33966r592722_chk )
Verify requirement KNOX-11-020200 (CC Mode) has been implemented.

If CC Mode has not been implemented, this is a finding.
Fix Text (F-33939r592723_fix)
Implement CC Mode (see requirement KNOX-11-020200).