
Samsung Android Workspace must be configured to enable the Online Certificate Status Protocol (OCSP).


Overview

Finding ID: V-93827
Version: KNOX-09-001330
Rule ID: SV-103913r1_rule
IA Controls:
Severity: Medium
Description
OCSP is a protocol for obtaining the revocation status of a certificate. It addresses problems associated with using Certificate Revocation Lists (CRLs). When OCSP is enabled, it is used prior to CRL checking. If OCSP cannot get a decisive response about a certificate, CRL checking is then attempted. The OCSP response server must be listed in the certificate information under Authority Info Access. This feature must be enabled for a Samsung Android device to be in the NIAP-certified Common Criteria (CC) mode of operation. SFR ID: FMT_SMF_EXT.1.1 #47
STIG Date
Samsung Android OS 9 with Knox 3.x COPE Use Case KPE(AE) Deployment Security Technical Implementation Guide 2020-02-24

Details

Check Text (C-93145r1_chk)
Review the Samsung Android Workspace configuration settings to confirm that OCSP checking is enabled for all apps.

This procedure is performed on the MDM Administration console only.

On the MDM console, for the Workspace, in the "Knox certificate" group, verify that "OCSP check" is configured to "enable for all apps".

If on the MDM console "OCSP check" is not configured to "enable for all apps", this is a finding.
Fix Text (F-100073r1_fix)
Configure Samsung Android Workspace to enable OCSP checking for all apps.

On the MDM, for the Workspace, in the "Knox certificate" group, configure "OCSP check" to "enable for all apps".

Refer to the MDM documentation to determine how to configure OCSP checking to "enable for all apps". Some MDMs may, for example, allow a wildcard string: "*" (asterisk).