UCF STIG Viewer Logo

Samsung Android must be configured to enforce an application installation policy by specifying one or more authorized application repositories, including [DoD-approved commercial app repository, MDM server, mobile application store]: - disallow unknown app installation sources.


Overview

Finding ID Version Rule ID IA Controls Severity
V-93569 KNOX-09-000135 SV-103655r1_rule Medium
Description
Forcing all applications to be installed from authorized application repositories can prevent unauthorized and malicious applications from being installed and executed on mobile devices. Allowing such installations and executions could cause a compromise of DoD data accessible by these unauthorized/malicious applications. SFR ID: FMT_SMF_EXT.1.1 #8a
STIG Date
Samsung Android OS 9 with Knox 3.x COBO Use Case KPE(Legacy) Deployment Security Technical Implementation Guide 2019-10-01

Details

Check Text ( C-92885r1_chk )
Review device configuration settings to confirm that installation from unauthorized application repositories is disallowed.

This procedure is performed on both the MDM Administration console and the Samsung Android device.

On the MDM console, for the device, in the "Knox restrictions" group, verify that "allow install unknown sources" is not selected.

On the Samsung Android device, do the following:
1. Open Settings.
2. Tap "Apps".
3. Tap the Overflow menu (three vertical dots).
4. Tap "Special Access".
5. Tap "Install unknown apps".
6. Tap a listed app.
7. Verify that "Allow from this source" cannot be enabled.

If on the MDM console "allow install unknown source" is selected, or on the Samsung Android device the user can enable "allow from this source" for an app, this is a finding.
Fix Text (F-99813r1_fix)
Configure Samsung Android to disallow installation from unauthorized application repositories.

On the MDM console, for the device, in the "Knox restrictions" group, unselect "allow install unknown sources".