
The Samsung Android device work profile must be configured to disable automatic completion of workspace internet browser text input.


Overview

| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-260461 | KNOX-14-725050 | SV-260461r950962_rule | | Medium |
Description
The autofill functionality in the web browser allows the user to complete a form that contains sensitive information, such as personally identifiable information (PII), without previous knowledge of the information. By allowing the use of autofill functionality, an adversary who learns a user's Android 14 device password, or who otherwise is able to unlock the device, may be able to further breach other systems by relying on the autofill feature to provide information unknown to the adversary. By disabling the autofill functionality, the risk of an adversary gaining further information about the device's user or compromising other systems is significantly mitigated.

SFR ID: FMT_SMF_EXT.1.1 #47
| STIG | Date |
|---|---|
| Samsung Android 14 MDFPP 3.3 BYOAD Security Technical Implementation Guide | 2024-02-21 |

Details

Check Text ( C-64191r950960_chk )
Review the autofill settings of the work profile Chrome Browser app on the Samsung Android 14 device.

This validation procedure is performed on the management tool.

On the management tool:
1. Open the "Managed configurations" section.
2. Select the Chrome Browser version from the work profile.
3. Verify "PasswordManagerEnabled" is turned "OFF".
4. Verify "AutofillAddressEnabled" is turned "OFF".
5. Verify "AutofillCreditCardEnabled" is turned "OFF".

If on the management tool any of the browser autofill settings are set to "On" in the Chrome Browser Settings, this is a finding.
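
The check above can be scripted against an exported copy of the Chrome managed configuration. This is an added example, not part of the STIG or of any management tool's own code; the JSON export format, the function names, and the choice to report an unset key as a finding are assumptions.

```python
import json

# Chrome managed-configuration keys named in the check text; all must be OFF.
REQUIRED_OFF = ("PasswordManagerEnabled", "AutofillAddressEnabled", "AutofillCreditCardEnabled")

def _as_bool(value):
    """Normalise booleans and common string renderings ("OFF", "false", "On")."""
    if isinstance(value, bool):
        return value
    if isinstance(value, str):
        text = value.strip().lower()
        if text in ("off", "false"):
            return False
        if text in ("on", "true"):
            return True
    raise ValueError(f"unrecognised setting value: {value!r}")

def audit_chrome_autofill(managed_config):
    """Return {key: status}; status is 'off', 'on' (finding) or 'unset'."""
    results = {}
    for key in REQUIRED_OFF:
        if key not in managed_config:
            results[key] = "unset"   # cannot be verified as OFF from the export
        else:
            results[key] = "on" if _as_bool(managed_config[key]) else "off"
    return results

def is_finding(results):
    """Assumption: an unset key is reported as a finding because OFF is unverified."""
    return any(status != "off" for status in results.values())

# Constructed sample export (hypothetical format, not from any real management tool).
SAMPLE_EXPORT = json.loads("""
{
  "PasswordManagerEnabled": false,
  "AutofillAddressEnabled": "OFF",
  "AutofillCreditCardEnabled": true,
  "IncognitoModeAvailability": 1
}
""")

if __name__ == "__main__":
    report = audit_chrome_autofill(SAMPLE_EXPORT)
    for key, status in report.items():
        print(f"{key}: {status}")
    print("FINDING" if is_finding(report) else "NOT A FINDING")
```

Keys reported as "unset" should be confirmed on the management tool before the result is recorded.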
Fix Text (F-64098r950961_fix)
Configure the Samsung Android 14 device to disable the autofill functionality.

The required configuration is the default configuration when the device is enrolled. If the device configuration is changed, use the following procedure to bring the device back into compliance:

On the management tool:
1. Open the "Managed configurations" section.
2. Select the Chrome Browser version from the work profile.
3. Ensure "PasswordManagerEnabled" is turned "OFF".
4. Ensure "AutofillAddressEnabled" is turned "OFF".
5. Ensure "AutofillCreditCardEnabled" is turned "OFF".