Samsung Android (with Knox 1.x) STIG


Overview

Date: 2014-04-22
Finding Count (47): CAT I (High): 0, CAT II (Med): 33, CAT III (Low): 14
STIG Description
Developed by Samsung Electronics Co., Ltd. in coordination with DISA for the DoD.

Findings (MAC II - Mission Support Sensitive)

Finding ID Severity Title
V-48349 Medium Samsung Knox Android must allow only the administrator/MDM to enable/disable USB mass storage mode.
V-48279 Medium The Samsung Knox Android VPN client must use either IPSec or SSL/TLS when connecting to DoD networks.
V-48253 Medium The container must be enabled by the administrator/MDM.
V-48251 Medium The administrator/MDM must enable CC mode.
V-48255 Medium The mobile device operating system must have access to DoD root and intermediate PKI certificates when performing DoD PKI-related transactions.
V-49687 Medium Samsung Knox Android must lock the container after 15 minutes of inactivity.
V-49685 Medium The administrator/MDM must configure the application installation policy by specifying authorized application repositories (Enroll in MDM).
V-49683 Medium The administrator/MDM must configure the application installation policy by specifying authorized application repositories (Disable unknown sources).
V-49681 Medium Samsung Knox Android must protect data-at-rest on removable storage media.
V-48343 Medium Samsung Knox Android must allow only the administrator/MDM to enable/disable developer modes.
V-48333 Medium The administrator/MDM must configure an application whitelist, listing authorized applications and versions.
V-48263 Medium Samsung Knox Android must allow only the administrator/MDM to set the screen lock timeout for the container password.
V-48261 Medium Only DoD PKI issued or DoD approved server authentication certificates must be installed on DoD Samsung Knox Android devices.
V-48289 Medium Samsung Knox Android must prevent a user from using a browser outside the container that does not direct its traffic to a DoD proxy server.
V-48265 Medium The Samsung Knox Android Bluetooth module must not permit any data transfer between devices prior to Bluetooth mutual authentication.
V-48249 Medium Samsung Knox Android must protect data-at-rest on built-in storage media.
V-48345 Medium Samsung Knox Android must allow only the administrator/MDM to enable/disable data-at-rest protection.
V-48337 Medium The administrator/MDM must configure the application installation policy by specifying authorized application repositories (Disable Google Play).
V-48319 Medium Samsung Knox Android must lock the device screen after a time period of inactivity.
V-48247 Medium The administrator/MDM must disable all Bluetooth profiles except for HSP (Headset Profile), HFP (Hands-Free Profile) and SPP (Serial Port Profile).
V-48347 Medium Samsung Knox Android must allow only the administrator/MDM to enable/disable data-at-rest protection for removable media.
V-48313 Medium Samsung Knox Android must employ mobile device management services to centrally manage security relevant configuration and policy settings.
V-48339 Medium Samsung Knox Android must allow only the administrator/MDM to configure application installation policy by specifying a set of allowed applications and versions (an application whitelist).
V-48269 Medium Samsung Knox Android must authenticate devices before establishing remote network (e.g., VPN) connections using bidirectional cryptographically based authentication between devices.
V-48335 Medium Samsung Knox Android must allow only the administrator/MDM to configure application installation policy by specifying authorized application repositories.
V-48341 Medium Samsung Knox Android must allow only the administrator/MDM to enable/disable wireless remote access connections (except for personal hotspot service), and tethered connections.
V-48293 Medium The administrator/MDM must disable USB debugging.
V-48275 Medium Samsung Knox Android must prevent a user from using a browser in the container that does not direct its traffic to a DoD proxy server.
V-48321 Medium The administrator/MDM must disable USB mass storage mode.
V-48305 Medium Samsung Knox Android must allow only the administrator/MDM to disable the screen lock function.
V-48307 Medium Samsung Knox Android must allow only the administrator/MDM to set the screen lock timeout.
V-48283 Medium The Samsung Knox Android Bluetooth stack must use 128-bit Bluetooth encryption when performing data communications with other Bluetooth devices.
V-48291 Medium Samsung Knox Android must authenticate tethered connections to the device.
V-48257 Low The administrator/MDM must set the maximum number of consecutive failed container authentication attempts to 10 or less.
V-48271 Low Samsung Knox Android must allow only the administrator/MDM to enforce a minimum password length for the container password.
V-48277 Low Samsung Knox Android must synchronize the internal clock on an organization-defined periodic basis with an authoritative time server or the Global Positioning System.
V-48285 Low The administrator/MDM must configure the mobile operating system to display the DoD-standard consent banner.
V-48287 Low The administrator/MDM must disable mock locations.
V-48281 Low Before establishing a user session, Samsung Knox Android must display an administrator/MDM-specified advisory notice and consent warning banner regarding use of Samsung Knox Android.
V-48267 Low The administrator/MDM must enforce a minimum password length of 6 characters for the container password.
V-48273 Low Samsung Knox Android must be able to filter both inbound and outbound traffic based on IP address and UDP/TCP port.
V-48297 Low Samsung Knox Android must wipe all protected data from the device after 10 consecutive unsuccessful attempts to unlock the device.
V-48311 Low The administrator/MDM must enforce a minimum device unlock password length of 6 characters.
V-48317 Low The administrator/MDM must set the maximum number of consecutive failed authentication attempts for the device unlock password to 10 or less.
V-48309 Low Samsung Knox Android must allow only the administrator/MDM to set the maximum number of consecutive failed authentication attempts.
V-48299 Low Samsung Knox Android must allow only the administrator/MDM to enforce a minimum password length.
V-48301 Low Samsung Knox Android must allow only the administrator/MDM to enforce a minimum password complexity.