Samsung Android must be configured to disable multi-user modes (tablets only).
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-99959 | KNOX-10-005000 | SV-109063r1_rule | Medium |
| Description |
|---|
| Note: This requirement is only applicable to Samsung tablets. Multi-user mode allows multiple users to share a mobile device by providing a degree of separation between user data. To date, no mobile device with multi-user mode features meets DoD requirements for access control, data separation, and non-repudiation for user accounts. In addition, the MDFPP does not include design requirements for multi-user account services. Disabling multi-user mode mitigates the risk of not meeting DoD multi-user account security policies. SFR ID: FMT_SMF_EXT.1.1 #47b |
| STIG | Date |
|---|---|
| Samsung Android OS 10 with Knox 3.x Security Technical Implementation Guide | 2020-03-24 |
Details
| Check Text ( C-98809r1_chk ) |
|---|
| Review Samsung Android configuration settings to determine if multi-user mode is disabled. KPE(Legacy) deployments only: For KPE(AE) deployments this requirement is inherently met. This validation procedure is performed on both the management tool Administration Console and the Samsung Android device. On the management tool, in the device KPE Multiuser section, verify that "Multi-user mode" is set to "Disallow". On the Samsung Android device, open Settings and verify that the "User" setting is not listed. If on the management tool "Multi-user mode" is not set to "Disallow", or on the Samsung Android device the "User" setting is available, this is a finding. |
| Fix Text (F-105643r1_fix) |
|---|
| Configure Samsung Android to disable multi-user modes. KPE(Legacy) deployments only: For KPE(AE) deployments this requirement is inherently met. On the management tool, in the device KPE Multiuser section, set "Multi-user mode" to "Disallow". |