
Samsung Android OS 6 (with KNOX 2.x) Security Technical Implementation Guide


Overview

Date: 2016-11-14
Finding Count (61): CAT I (High): 3, CAT II (Med): 48, CAT III (Low): 10
STIG Description
This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DoD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil.

Findings (MAC II - Mission Support Public)

Finding ID Severity Title
V-69685 High The Samsung KNOX for Android platform must be configured to enable CC mode.
V-69591 High The Samsung KNOX for Android platform must protect data at rest on built-in storage media.
V-69593 High The Samsung KNOX for Android platform must protect data at rest on removable storage media.
V-69663 Medium The Samsung KNOX for Android platform must be configured to disable Enable Smart Lock.
V-69661 Medium The Samsung KNOX for Android platform must be configured to enable a Certificate Revocation Status (CRL) Check.
V-69589 Medium All mobile operating system cryptography supporting DoD functionality must be FIPS 140-2 validated.
V-69705 Medium The Samsung KNOX for Android container must have the Account Blacklist configured.
V-69617 Medium The Samsung KNOX for Android platform whitelist must not include any pre-installed (core) applications not approved for DoD use by the Authorizing Official (AO).
V-69645 Medium The Samsung KNOX for Android platform must not display notifications when the device is locked.
V-69647 Medium The Samsung KNOX for Android platform must not allow backup to locally connected systems.
V-69641 Medium The Samsung KNOX for Android platform must be configured to disable USB mass storage mode.
V-69643 Medium The Samsung KNOX for Android platform must be configured to disable automatic updates of system software.
V-69609 Medium The Samsung KNOX for Android platform must not allow use of developer modes.
V-69601 Medium The Samsung KNOX for Android platform must lock the container after 15 minutes (or less) of inactivity.
V-69673 Medium The Samsung KNOX for Android container must be configured to enforce a minimum password length of four characters.
V-69749 Medium The Samsung KNOX for Android platform must be configured to enable Google Play Inside KNOX.
V-69629 Medium The Samsung KNOX for Android platform must be configured to disable USB host storage.
V-69603 Medium The Samsung KNOX for Android platform must be configured to disable Google Play.
V-69623 Medium The Samsung KNOX for Android platform whitelist must not include applications that back up device data to non-DoD cloud servers (including user and application access to cloud backup services).
V-69625 Medium The Samsung KNOX for Android platform must be configured to disable backup to remote systems.
V-69621 Medium The Samsung KNOX for Android platform whitelist must not include applications that process payments.
V-69613 Medium The Samsung KNOX for Android platform must be configured to disable Allow New Admin Install.
V-69681 Medium The Samsung KNOX for Android container must be configured to disable sharing of notification details outside the container when the container is locked.
V-69683 Medium The Samsung KNOX for Android container must be enabled.
V-69637 Medium The Samsung KNOX for Android platform must be configured to disable Allow NFC.
V-69687 Medium The Samsung KNOX for Android platform must be configured to disable all Bluetooth profiles except for HSP (Headset Profile), HFP (Hands-Free Profile), and SPP (Serial Port Profile).
V-69689 Medium The Samsung KNOX for Android container must enforce an application installation policy by specifying an application whitelist.
V-69605 Medium The Samsung KNOX for Android platform must enforce an application installation policy by disabling application installation from unknown sources.
V-69611 Medium The Samsung KNOX for Android platform must have DoD root and intermediate PKI certificates installed on the device.
V-69607 Medium The Samsung KNOX for Android platform must enforce an application installation policy by specifying an application whitelist.
V-69653 Medium The Samsung KNOX for Android platform must disable authentication mechanisms providing user access to protected data other than a Password Authentication Factor.
V-69671 Medium The Samsung KNOX for Android platform must be configured to disable manual date and time changes.
V-69659 Medium The Samsung KNOX for Android platform must be configured to Disable Admin Remove.
V-69599 Medium The Samsung KNOX for Android platform must lock the display after 15 minutes (or less) of inactivity.
V-69675 Medium The Samsung KNOX for Android container must be configured to disable sharing of calendar information outside the container.
V-69679 Medium The Samsung KNOX for Android container must be configured to disable sharing of contact information outside the container.
V-69651 Medium The Samsung KNOX for Android platform must be configured to disable authentication mechanisms providing user access to protected data other than a Password Authentication Factor (e.g., using a fingerprint), unless the mechanism is DoD-approved.
V-69657 Medium The Samsung KNOX for Android platform must be configured to enable the access control policy that prevents groups of application processes from accessing all data stored by other groups of application processes.
V-69655 Medium The Samsung KNOX for Android platform must be configured to disable VPN split-tunneling (if the mobile device provides a configurable control for FDP_IFC_EXT.1.1).
V-69707 Medium The Samsung KNOX for Android container must have the minimum password complexity configured.
V-69639 Medium The Samsung KNOX for Android platform must be configured to disable Nearby devices.
V-69703 Medium The Samsung KNOX for Android container must have the Account Whitelist configured.
V-69635 Medium The Samsung KNOX for Android platform must be configured to disable S Voice.
V-69619 Medium The Samsung KNOX for Android platform whitelist must not include applications that allow synchronization of data or applications between devices associated with the user.
V-69633 Medium The Samsung KNOX for Android platform must be configured to disable Multi-User mode.
V-69699 Medium The Samsung KNOX for Android container must be configured to disable automatic completion of browser text input.
V-69697 Medium The Samsung KNOX for Android container must have the application disable list configured.
V-69695 Medium The Samsung KNOX for Android container must be configured to disable Move Files from Container to Personal.
V-69693 Medium The Samsung KNOX for Android container must be configured to disable Move Applications to Container.
V-69691 Medium The Samsung KNOX for Android container must have the application install blacklist configured.
V-69615 Medium The Samsung KNOX for Android platform must have the Application Install Blacklist configured.
V-69701 Low The Samsung KNOX for Android container must not allow passwords that include more than two repeating or sequential characters.
V-69649 Low The Samsung KNOX for Android platform must enable virtual private networks (VPN) protection.
V-69665 Low The Samsung KNOX for Android platform must disable the automatic transfer of diagnostic data to an external device.
V-69627 Low The Samsung KNOX for Android platform must be configured to disable Google Crash Report.
V-69667 Low The Samsung KNOX for Android platform must disable Report diagnostic info.
V-69669 Low The Samsung KNOX for Android platform must display the DoD advisory warning message at start-up or each time the user unlocks the device.
V-69677 Low The Samsung KNOX for Android container must be configured to prohibit more than 10 consecutive failed authentication attempts.
V-69595 Low The Samsung KNOX for Android platform must enforce a minimum password length of six characters.
V-69597 Low The Samsung KNOX for Android platform must not allow more than 10 consecutive failed authentication attempts.
V-69631 Low The Samsung KNOX for Android platform must not allow passwords that include more than two repeating or sequential characters.