Any accessory that provides wired networking capabilities to a Samsung Android device must not be connected to a DoD network (for example: DeX Station [LAN port], USB to Ethernet adapter, etc.).

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-93869	KNOX-09-000365	SV-103955r1_rule		Medium

Description
If a Samsung Android device uses an accessory that provides wired networking capabilities, and that accessory is connected to a DoD network, then the Samsung Android device would also be connected to the DoD network. Samsung Android devices most likely have a number of personal apps installed that may include malware or have high-risk behaviors (for example, offloading data from the phone to third-party servers outside the United States). In addition, smartphones do not generally meet security requirements for computer devices to connect directly to DoD networks. Note: Samsung DeX mode (with input devices) will not work unless the "USB host mode exception list" is configured (see requirement KNOX-09-000755 for more information). SFR ID: FMT_MOF_EXT.1.2 #47

Description

If a Samsung Android device uses an accessory that provides wired networking capabilities, and that accessory is connected to a DoD network, then the Samsung Android device would also be connected to the DoD network. Samsung Android devices most likely have a number of personal apps installed that may include malware or have high-risk behaviors (for example, offloading data from the phone to third-party servers outside the United States). In addition, smartphones do not generally meet security requirements for computer devices to connect directly to DoD networks. Note: Samsung DeX mode (with input devices) will not work unless the "USB host mode exception list" is configured (see requirement KNOX-09-000755 for more information). SFR ID: FMT_MOF_EXT.1.2 #47

STIG	Date
Samsung Android OS 9 with Knox 3.x COPE Use Case KPE(Legacy) Deployment Security Technical Implementation Guide	2019-10-01

Details

Check Text ( C-93187r1_chk )
Review accessories that provide wired networking capabilities to Samsung Android devices at the site and verify that the accessories are not connected to a DoD network. If accessories that provide wired networking capabilities to Samsung Android devices are connected to DoD networks, this is a finding. Note: Connections to a site's guest network that provides Internet-only access can be used. Note: This setting cannot be managed by the MDM administrator and is a User-Based Enforcement (UBE) requirement.

Check Text ( C-93187r1_chk )

Review accessories that provide wired networking capabilities to Samsung Android devices at the site and verify that the accessories are not connected to a DoD network.

If accessories that provide wired networking capabilities to Samsung Android devices are connected to DoD networks, this is a finding.

Note: Connections to a site's guest network that provides Internet-only access can be used.

Note: This setting cannot be managed by the MDM administrator and is a User-Based Enforcement (UBE) requirement.

Fix Text (F-100115r1_fix)
When using an accessory that provides wired networking capabilities to a Samsung Android device, do not connect the accessory to a DoD network. Note: This setting cannot be managed by the MDM administrator and is a UBE requirement.