Samsung Android 8 with Knox must be configured to: Add the MDM Client application to the Battery optimizations modes Whitelist.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-80185	KNOX-08-003200	SV-94889r1_rule		Low

Description
Doze and App Standby are power-saving features that extend battery life by deferring background CPU and network activity. If the MDM Client is put into Doze or App Standby mode, the MDM Administrator may not be able to administrate the mobile device (MD). SFR ID: FMT_SMF_EXT.1.1 #47

STIG	Date
Samsung Android OS 8 with Knox 3.x COBO Use Case Security Technical Implementation Guide	2018-11-30

Details

Check Text ( C-79857r1_chk )
Review Samsung Android 8 with Knox configuration settings to determine if the mobile device is configured to add the MDM Client application to the Battery optimizations modes Whitelist. This validation procedure is performed on the MDM Administration Console only. On the MDM console, do the following: 1. Ask the MDM Administrator to display the "Battery optimizations modes Whitelist" setting in the "Android Application" rule. 2. Verify the list contains the MDM Client. Note: Some MDM products automatically apply this setting and there is no configuration to verify. If the MDM console "Battery optimizations modes Whitelist" does not contain the MDM Client, this is a finding.

Check Text ( C-79857r1_chk )

Review Samsung Android 8 with Knox configuration settings to determine if the mobile device is configured to add the MDM Client application to the Battery optimizations modes Whitelist.

This validation procedure is performed on the MDM Administration Console only.

On the MDM console, do the following:
1. Ask the MDM Administrator to display the "Battery optimizations modes Whitelist" setting in the "Android Application" rule.
2. Verify the list contains the MDM Client.

Note: Some MDM products automatically apply this setting and there is no configuration to verify.

If the MDM console "Battery optimizations modes Whitelist" does not contain the MDM Client, this is a finding.

Fix Text (F-86991r1_fix)
Configure Samsung Android 8 with Knox to add the MDM Client application to the Battery optimizations modes Whitelist. On the MDM console, add the MDM Client Package name to the "Battery optimizations modes Whitelist" in the "Android Applications" rule. Note: Some MDM products automatically apply this setting so there is no configuration setting to apply. Note: Some MDM consoles may require (or take as an optional input) the MDM Client Signature.

Fix Text (F-86991r1_fix)

Configure Samsung Android 8 with Knox to add the MDM Client application to the Battery optimizations modes Whitelist.

On the MDM console, add the MDM Client Package name to the "Battery optimizations modes Whitelist" in the "Android Applications" rule.

Note: Some MDM products automatically apply this setting so there is no configuration setting to apply.

Note: Some MDM consoles may require (or take as an optional input) the MDM Client Signature.