
Samsung Android OS 5 with Knox 2.0 Security Technical Implementation Guide


Overview

Date: 2016-02-24
Finding Count (59): CAT I (High): 2, CAT II (Med): 47, CAT III (Low): 10

STIG Description
This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DoD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via e-mail to the following address: disa.stig_spt@mail.mil.

Findings (MAC I - Mission Critical Public)

Finding ID Severity Title
V-61157 High The Samsung Knox for Android platform must protect data at rest on built-in storage media.
V-61159 High The Samsung Knox for Android platform must protect data at rest on removable storage media.
V-61199 Medium The Samsung Knox for Android platform must be configured to disable multi-user modes.
V-61213 Medium The Samsung Knox for Android platform must not allow backup to locally connected systems.
V-61211 Medium The Samsung Knox for Android platform must not display notifications when the device is locked.
V-61217 Medium The Samsung Knox for Android platform must be configured to disable authentication mechanisms providing user access to protected data other than a Password Authentication Factor (e.g., using a fingerprint), unless mechanism is DoD approved.
V-61153 Medium All mobile operating system cryptography supporting DoD functionality must be FIPS 140-2 validated.
V-61191 Medium The Samsung Knox for Android platform must not allow backup to remote systems.
V-61219 Medium The Samsung Knox for Android platform must be configured to disable VPN split-tunneling (if the MD provides a configurable control for FDP_IFC_EXT.1.1).
V-61239 Medium The Samsung Knox for Android container must implement the management setting: Disable sharing of calendar information outside the container.
V-61179 Medium The Samsung Knox for Android platform must implement the management setting: Disable Allow New Admin Install.
V-61271 Medium The Samsung Knox for Android container must implement the management setting: Configure minimum password complexity.
V-61257 Medium The Samsung Knox for Android container must implement the management setting: Disable Move Applications to Container.
V-61173 Medium The Samsung Knox for Android platform must enforce an application installation policy by specifying an application whitelist.
V-61171 Medium The Samsung Knox for Android platform must enforce an application installation policy by specifying one or more authorized application repositories: Disable unknown sources.
V-61177 Medium The Samsung Knox for Android platform must implement the management setting: Install DoD root and intermediate PKI certificates on the device.
V-61235 Medium The Samsung Knox for Android platform must implement the management setting: Disable Manual Date Time Changes.
V-61175 Medium The Samsung Knox for Android platform must not allow use of developer modes.
V-61237 Medium The Samsung Knox for Android container must implement the management setting: Configure to enforce a minimum password length of 4 characters.
V-61255 Medium The Samsung Knox for Android container must implement the management setting: Configure application install blacklist.
V-61253 Medium The Samsung Knox for Android container must enforce an application installation policy by specifying an application whitelist.
V-61187 Medium The Samsung Knox for Android platform whitelist must not include applications with the following characteristics: Payment processing.
V-61185 Medium The Samsung Knox for Android platform whitelist must not include applications with the following characteristics: Allows synchronization of data or applications between devices associated with user.
V-61183 Medium The Samsung Knox for Android platform whitelist must not include applications with the following characteristics: All pre-installed (core) applications not approved for DoD use by the Approving Official (AO).
V-61181 Medium The Samsung Knox for Android platform must implement the management setting: Configure application install blacklist.
V-61251 Medium The Samsung Knox for Android platform must be configured to disable all Bluetooth profiles except for HSP (Headset Profile), HFP (Hands-free Profile), and SPP (Serial Port Profile).
V-61247 Medium The Samsung Knox for Android container must be configured to implement the management setting: Enable container.
V-61189 Medium The Samsung Knox for Android platform whitelist must not include applications with the following characteristics: Back up MD data to non-DoD cloud servers (including user and application access to cloud backup services).
V-61205 Medium The Samsung Knox for Android platform must implement the management setting: Disable Nearby devices.
V-61207 Medium The Samsung Knox for Android platform must not allow a USB mass storage mode.
V-61201 Medium The Samsung Knox for Android platform must implement the management setting: Disable S Voice.
V-61203 Medium The Samsung Knox for Android platform must implement the management setting: Disable NFC.
V-61195 Medium The Samsung Knox for Android platform must implement the management setting: Disable USB host storage.
V-61209 Medium The Samsung Knox for Android platform must be configured to disable automatic updates of system software.
V-61169 Medium The Samsung Knox for Android platform must enforce an application installation policy by specifying one or more authorized application repositories: Disable Google Play.
V-61245 Medium The Samsung Knox for Android container must implement the management setting: Disable sharing of notification details outside the container.
V-61261 Medium The Samsung Knox for Android container must implement the management setting: Configure application disable list.
V-61223 Medium The Samsung Knox for Android platform must implement the management setting: Disable Admin Remove.
V-61221 Medium The Samsung Knox for Android platform must be configured to enable the access control policy that prevents [groups of application processes] from accessing [all] data stored by other [groups of application processes].
V-61227 Medium The Samsung Knox for Android platform must disable authentication mechanisms providing user access to protected data other than a Password Authentication Factor: Disable Enable Smart Lock.
V-61165 Medium The Samsung Knox for Android platform must lock the display after 15 minutes (or less) of inactivity.
V-61269 Medium The Samsung Knox for Android container must implement the management setting: Account blacklist.
V-61167 Medium The Samsung Knox for Android container must implement the management setting: Lock the container display after 15 minutes (or less) of inactivity.
V-61267 Medium The Samsung Knox for Android container must implement the management setting: Account whitelist.
V-61243 Medium The Samsung Knox for Android container must implement the management setting: Disable sharing of contact information outside the container.
V-61259 Medium The Samsung Knox for Android container must implement the management setting: Disable Move Files from Container to Personal.
V-61225 Medium The Samsung Knox for Android platform must implement the management setting: Enable Certificate Revocation Status Check.
V-61249 Medium The Samsung Knox for Android platform must implement the management setting: Enable CC mode.
V-61263 Medium The Samsung Knox for Android container must implement the management setting: Disable automatic completion of browser text input.
V-61215 Low The Samsung Knox for Android platform must enable VPN protection.
V-61193 Low The Samsung Knox for Android platform must disable automatic transfer of diagnostic data to an external device other than an MDM service with which the device has enrolled: Disable Google Crash Report.
V-61197 Low The Samsung Knox for Android platform must not allow passwords that include more than two repeating or sequential characters.
V-61231 Low The Samsung Knox for Android platform must disable automatic transfer of diagnostic data to an external device other than an MDM service with which the device has enrolled: Disable Report diagnostic info.
V-61233 Low The Samsung Knox for Android platform must display the DoD advisory warning message at start-up or each time the user unlocks the device.
V-61241 Low The Samsung Knox for Android container must implement the management setting: Configure to prohibit more than 10 consecutive failed authentication attempts.
V-61265 Low The Samsung Knox for Android container must not allow passwords that include more than two repeating or sequential characters.
V-61161 Low The Samsung Knox for Android platform must enforce a minimum password length of 6 characters.
V-61163 Low The Samsung Knox for Android platform must not allow more than 10 consecutive failed authentication attempts.
V-61229 Low The Samsung Knox for Android platform must disable automatic transfer of diagnostic data to an external device other than an MDM service with which the device has enrolled: Configure a KNOX on-premise license.