The Samsung KNOX for Android platform must be configured to disable Multi-User mode.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-69633 | KNOX-35-022500 | SV-84255r1_rule | Medium |
| Description |
|---|
| By default, the enterprise administrator will install and enroll MDM on the device's owner user space. Since some policies configured by the MDM will only apply to the owner space, the user can bypass some of these policies by creating and switching to a guest user space. This can potentially result in compromise of the device and DoD data via installation of malicious applications. Disabling this feature will mitigate this risk. SFR ID: FMT_SMF_EXT.1.1 #45 |
| STIG | Date |
|---|---|
| Samsung Android OS 6 (with KNOX 2.x) Security Technical Implementation Guide | 2016-11-14 |
Details
| Check Text ( C-70069r1_chk ) |
|---|
| This validation procedure is performed on both the MDM Administration Console and the Samsung KNOX for Android device. Check whether the appropriate setting is configured on the MDM Administration Console: 1. Ask the MDM administrator to display the "Allow multi-user mode" settings in the "Android Restrictions" rule. 2. Verify the setting is disabled. On the Samsung KNOX for Android device: 1. Open the device settings. 2. Attempt to add a user in the "User" setting. 3. Verify that the "User" setting is not available. If the "Allow multi-user mode" setting is enabled, or if the user is able to add a user, this is a finding. |
| Fix Text (F-75823r1_fix) |
|---|
| Configure the mobile operating system to disable multi-user modes. On the MDM Administration Console, disable the "Allow multi-user mode" setting in the "Android Restrictions" rule. Note: This requirement is only applicable for tablet devices. |