UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Samsung Android 12 with Knox 3.x COBO Security Technical Implementation Guide


Overview

Date Finding Count (30)
2022-06-07 CAT I (High): 2 CAT II (Med): 24 CAT III (Low): 4
STIG Description
This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DoD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil.

Available Profiles



Findings (MAC III - Administrative Classified)

Finding ID Severity Title
V-251815 High Samsung Android must be configured to enable encryption for data at rest on removable storage media or, alternately, the use of removable storage media must be disabled.
V-251832 High The Samsung Android device must have the latest available Samsung Android operating system (OS) installed.
V-251828 Medium Samsung Android must be configured to enforce an application installation policy by specifying one or more authorized application repositories, including DoD-approved commercial app repository, management tool server, or mobile application store.
V-251816 Medium Samsung Android must be configured to disable USB mass storage mode.
V-251821 Medium Samsung Android must be configured to enforce an application installation policy by specifying an application allowlist that restricts applications by the following characteristics: names.
V-251820 Medium Samsung Android must have the DoD root and intermediate PKI certificates installed.
V-251823 Medium Samsung Android must be configured to not display the following (Work Environment) notifications when the device is locked: all notifications.
V-251822 Medium Samsung Android must be configured to not allow installation of applications with the following characteristics: - back up MD data to non-DoD cloud servers (including user and application access to cloud backup services);- transmit MD diagnostic data to non-DoD servers; - voice assistant application if available when MD is locked; - voice dialing application if available when MD is locked; - allows synchronization of data or applications between devices associated with user; and - allows unencrypted (or encrypted but not FIPS 140-2 validated) data sharing with other MDs or printers.
V-251825 Medium Samsung Android must be configured to prevent users from adding personal email accounts to the work email app.
V-251824 Medium Samsung Android must be configured to enable audit logging.
V-251827 Medium Samsung Android must allow only the Administrator (management tool) to perform the following management function: install/remove DoD root and intermediate PKI certificates.
V-251826 Medium Samsung Android must be configured to not allow backup of all applications, configuration data to remote systems. - Disable Data Sync Framework
V-251803 Medium Samsung Android must be enrolled as a COBO device.
V-251807 Medium Samsung Android must be configured to enforce a minimum password length of six characters.
V-251806 Medium Samsung Android must be configured to enable a screen-lock policy that will lock the display after a period of inactivity.
V-251805 Medium Samsung Android must be configured to not allow passwords that include more than four repeating or sequential characters.
V-251809 Medium Samsung Android must be configured to lock the display after 15 minutes (or less) of inactivity.
V-251808 Medium Samsung Android must be configured to not allow more than 10 consecutive failed authentication attempts.
V-251810 Medium Samsung Android must be configured to disable authentication mechanisms providing user access to protected data other than a Password Authentication Factor, including face recognition.
V-251811 Medium Samsung Android must be configured to enable a screen-lock policy that will lock the display after a period of inactivity - Disable trust agents.
V-251812 Medium Samsung Android must be configured to not allow backup of all applications and configuration data to remote systems.
V-251813 Medium Samsung Android must be configured to disable developer modes.
V-251817 Medium Samsung Android must be configured to not allow backup of all applications, configuration data to locally connected systems.
V-251818 Medium Samsung Android must be configured to enable authentication of personal hotspot connections to the device using a preshared key.
V-251819 Medium Samsung Android must be configured to disallow configuration of the device's date and time.
V-251831 Medium Samsung Android device users must complete required training.
V-251829 Low Samsung Android must be configured to enable Common Criteria (CC) Mode.
V-251804 Low Samsung Android must be configured to display the DoD advisory warning message at startup or each time the user unlocks the device.
V-251814 Low Samsung Android must be configured to disable all Bluetooth profiles except for HSP (Headset Profile), HFP (Hands-Free Profile), SPP (Serial Port Profile), A2DP (Advanced Audio Distribution Profile), AVRCP (Audio/Video Remote Control Profile), and PBAP (Phone Book Access Profile).
V-251830 Low Samsung Android must not accept the certificate when it cannot establish a connection to determine the validity of a certificate.