Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-69589 | KNOX-30-000100 | SV-84211r1_rule | Medium |
Description |
---|
Unapproved cryptographic algorithms cannot be relied upon to provide confidentiality or integrity, and DoD data could be compromised as a result. The most common vulnerabilities with cryptographic modules are those associated with poor implementation. FIPS 140-2 validation provides assurance that the relevant cryptography has been implemented correctly. FIPS 140-2 validation is also a strict requirement for use of cryptography in the Federal Government for protecting unclassified data. SFR ID: FCS |
STIG | Date |
---|---|
Samsung Android OS 6 (with KNOX 2.x) Security Technical Implementation Guide | 2016-11-14 |
Check Text ( C-70007r1_chk ) |
---|
Note: This validation procedure is identical to the one for KNOX-39-015600. It only needs to be performed once. If it is found compliant on the first check, it is also compliant here. If it is determined to be a finding on the first check, it is also a finding here. Redundant checks are necessary to maintain requirements traceability and provide complete risk management information to Authorizing Officials (AOs). This validation procedure is performed on both the MDM Administration Console and the Samsung KNOX for Android device. Check whether the appropriate setting is configured on the MDM Administration Console: 1. Ask the MDM administrator to display the "CC Mode" settings in the "Android Restrictions" rule. 2. Verify the value is enabled. Note: If the MDM does not support CC mode, ask the MDM administrator if the Samsung APK has been installed and CC mode enabled. On the Samsung KNOX for Android device: 1. Open the device settings. 2. Select "About Device". 3. Select "Software info". (Note: On some devices, this step is not needed.) 4. Verify the value of "Security software version" displays "Enforced". If the CC mode setting is not enabled, or if the "Security software version" on the device does not display "Enforced", this is a finding. |
Fix Text (F-75763r1_fix) |
---|
Configure the mobile operating system to use a FIPS 140-2 validated cryptographic module. Configure the operating system to enable CC mode. On the MDM Administration Console, enable the "CC mode" setting in the "Android Restrictions" rule. If this setting is not available on the console, install the CC mode APK, and enable CC mode from this application. This APK will be made available by Samsung. |