Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
Samsung Android's Work profile must be configured to prevent users from adding personal email accounts to the work email app.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-260451 | KNOX-14-710230 | SV-260451r950932_rule | Medium |
| Description |
|---|
| If the user is able to add a personal email account (POP3, IMAP, EAS) to the work email app, it could be used to forward sensitive DOD data to unauthorized recipients. Restricting email account addition to the Administrator or to allowlisted accounts mitigates this vulnerability. SFR ID: FMT_MOF_EXT.1.2 #47 |
| STIG | Date |
|---|---|
| Samsung Android 14 MDFPP 3.3 BYOAD Security Technical Implementation Guide | 2024-02-21 |
Details
| Check Text ( C-64181r950930_chk ) |
|---|
| Review the configuration to determine if the Samsung Android devices are preventing users from adding personal email accounts to the work email app. On the management tool, in the device restrictions section, verify "Modify accounts" is set to "Disallow". On the Samsung Android device: 1. Open Settings >> Accounts and backup >> Manage accounts. 2. Navigate to the "Work" tab. 3. Verify no account can be added. If on the management tool "Modify accounts" is not set to "Disallow", or on the Samsung Android device an account can be added, this is a finding. |
| Fix Text (F-64088r950931_fix) |
|---|
| Configure the Samsung Android devices to prevent users from adding personal email accounts to the work email app. On the management tool, in the Work profile restrictions, set "Modify accounts" to "Disallow". |