Samsung Android Work Environment must be configured to enforce that Wi-Fi Sharing is disabled.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-99987	KNOX-10-011800	SV-109091r1_rule		Medium

Description
Wi-Fi Sharing is an optional configuration of Wi-Fi Tethering/Mobile Hotspot, which allows the device to share its Wi-Fi connection with other wirelessly connected devices instead of its mobile (cellular) connection. Wi-Fi Sharing grants the "other" device access to a corporate Wi-Fi network and may possibly bypass the network access control mechanisms. This risk can be partially mitigated by requiring the use of a pre-shared key for personal hotspots. SFR ID: FMT_SMF_EXT.1.1 #47

Description

Wi-Fi Sharing is an optional configuration of Wi-Fi Tethering/Mobile Hotspot, which allows the device to share its Wi-Fi connection with other wirelessly connected devices instead of its mobile (cellular) connection. Wi-Fi Sharing grants the "other" device access to a corporate Wi-Fi network and may possibly bypass the network access control mechanisms. This risk can be partially mitigated by requiring the use of a pre-shared key for personal hotspots. SFR ID: FMT_SMF_EXT.1.1 #47

STIG	Date
Samsung Android OS 10 with Knox 3.x Security Technical Implementation Guide	2020-03-24

Details

Check Text ( C-98837r1_chk )
Review Samsung Android device configuration settings to confirm that Wi-Fi Sharing is disabled. Mobile Hotspot must be enabled in order to enable Wi-Fi Sharing. If the AO has not approved Mobile Hotspot, and it has been verified as disabled on the management tool, the following guidance is not applicable. This setting cannot be managed by the management tool Administrator and is a User Based Enforcement (UBE) requirement. On the Samsung Android device, do the following: 1. Open Settings >> Connections >> Mobile Hotspot and Tethering >> Mobile hotspot. 2. Verify that “Wi-Fi sharing” is disabled. If on the Samsung Android device “Wi-Fi sharing” is enabled, this is a finding.

Check Text ( C-98837r1_chk )

Review Samsung Android device configuration settings to confirm that Wi-Fi Sharing is disabled.

Mobile Hotspot must be enabled in order to enable Wi-Fi Sharing. If the AO has not approved Mobile Hotspot, and it has been verified as disabled on the management tool, the following guidance is not applicable.

This setting cannot be managed by the management tool Administrator and is a User Based Enforcement (UBE) requirement.

On the Samsung Android device, do the following:
1. Open Settings >> Connections >> Mobile Hotspot and Tethering >> Mobile hotspot.
2. Verify that “Wi-Fi sharing” is disabled.

If on the Samsung Android device “Wi-Fi sharing” is enabled, this is a finding.

Fix Text (F-105671r1_fix)
Configure Samsung Android to disable Wi-Fi Sharing. Mobile Hotspot must be enabled in order to enable Wi-Fi Sharing. If the AO has not approved Mobile Hotspot, and it has been disabled on the management tool, the following guidance is not applicable. On the Samsung Android device, do the following: 1. Open Settings >> Connections >> Mobile Hotspot and Tethering >> Mobile hotspot. 2. Disable “Wi-Fi sharing” if it is enabled.

Fix Text (F-105671r1_fix)

Configure Samsung Android to disable Wi-Fi Sharing.

Mobile Hotspot must be enabled in order to enable Wi-Fi Sharing. If the AO has not approved Mobile Hotspot, and it has been disabled on the management tool, the following guidance is not applicable.

On the Samsung Android device, do the following:
1. Open Settings >> Connections >> Mobile Hotspot and Tethering >> Mobile hotspot.
2. Disable “Wi-Fi sharing” if it is enabled.