Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
Samsung Android must be configured to not allow backup of all applications, configuration data to remote systems. - Disable Data Sync Framework.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-258649 | KNOX-14-110240 | SV-258649r931147_rule | Medium |
| Description |
|---|
| Backups to remote systems (including cloud backup) can leave data vulnerable to breach on the external systems, which often offer less protection than the MOS. Where the remote backup involves a cloud-based solution, the backup capability is often used to synchronize data across multiple devices. In this case, DOD devices may synchronize DOD sensitive information to a user's personal device or other unauthorized computers that are vulnerable to breach. The Data Sync Framework allows apps to synchronize data between the mobile device and other web-based services. This uses accounts for services the user has added to the mobile device. Preventing the user from adding accounts to the device mitigates this risk. SFR ID: FMT_SMF_EXT.1.1 #40 |
| STIG | Date |
|---|---|
| Samsung Android OS 14 with Knox 3.x COBO Security Technical Implementation Guide | 2023-10-18 |
Details
| Check Text ( C-62389r931145_chk ) |
|---|
| Verify requirement KNOX-14-110230 (disallow modify accounts) has been implemented. If disallowing modify accounts has not been implemented, this is a finding. |
| Fix Text (F-62298r931146_fix) |
|---|
| Disallow modify accounts (refer to requirement KNOX-14-110230). |