UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Samsung Android Work Environment must be configured to disable the Auto Fill services.


Overview

Finding ID Version Rule ID IA Controls Severity
V-99975 KNOX-10-010600 SV-109079r1_rule Medium
Description
The auto-fill services allow the user to complete text inputs that could contain sensitive information, such as personally identifiable information (PII), without previous knowledge of the information. By allowing the use of auto-fill services, an adversary who learns a user's Samsung Android device password, or who otherwise is able to unlock the device, may be able to further breach other systems by relying on the auto-fill services to provide information unknown to the adversary. By disabling the auto-fill services, the risk of an adversary gaining further information about the device's user or compromising other systems is significantly mitigated. Examples of apps that offer Autofill services include Samsung Pass, Google, Dashlane, LastPass, and 1Password. SFR ID: FMT_SMF_EXT.1.1 #47
STIG Date
Samsung Android OS 10 with Knox 3.x Security Technical Implementation Guide 2020-03-24

Details

Check Text ( C-98825r1_chk )
Review Samsung Android Work Environment configuration settings to determine if autofill services are disabled.

This validation procedure is performed on both the management tool Administration Console and the Samsung Android device.

This policy cannot be enforced on a KPE(Legacy) deployment.

On the management tool, in the Work Environment restrictions section, verify that "Autofill services" is set to "Disallow".

For COPE: On the Samsung Android device, do the following:
1. Open Settings >> Work profile >> More settings >> Keyboard and input.
2. Verify that "Autofill service" is not present.

For COBO: On the Samsung Android device, do the following:
1. Open Settings >> General management >> Language and input.
2. Verify that "Autofill service" is not present.

If on the management tool "Autofill services" is not set to "Disallow", or on the Samsung Android device "Autofill service" is present, this is a finding.
Fix Text (F-105659r1_fix)
Configure the Samsung Android Work Environment to disable autofill services.

This policy cannot be enforced on a KPE(Legacy) deployment.

On the management tool, in the Work Environment restrictions section, set "Autofill services" to "Disallow".