UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Samsung Android must be configured to disallow outgoing beam.


Overview

Finding ID Version Rule ID IA Controls Severity
V-99985 KNOX-10-011600 SV-109089r1_rule Medium
Description
Outgoing beam allows transfer of data through NFC and Bluetooth by touching two unlocked devices together. If it were enabled, sensitive DoD data could be transmitted. SFR ID: FMT_SMF_EXT.1.1 #47
STIG Date
Samsung Android OS 10 with Knox 3.x Security Technical Implementation Guide 2020-03-24

Details

Check Text ( C-98835r1_chk )
Review Samsung Android Work Environment configuration settings to verify that outgoing beam is disallowed.

This requirement is inherently met for COPE as outgoing beam in a "Profile/Workspace" cannot be initiated.

This validation procedure is applicable to COBO only.

This procedure is performed on both the MDM Administration console and the Samsung Android device.

On the MDM console, in the Work Environment restrictions section, verify that "disallow outgoing beam" is selected.

On the Samsung Android device, open a picture, contact, or web page and put it back to back with an unlocked outgoing beam-enabled device. Verify that outgoing beam cannot be started.

If on the MDM console "outgoing beam" is not set to "disallow", or on the Samsung Android device the user is able to successfully start outgoing beam, this is a finding.
Fix Text (F-105669r1_fix)
Configure Samsung Android to disallow outgoing beam.

This requirement is inherently met for COPE as outgoing beam in a "Profile/Workspace" cannot be initiated.

This guidance is applicable to COBO only.

On the MDM console, in the Work Environment restrictions section, set "outgoing beam" to "disallow".