UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Samsung Android (with Knox 1.x) STIG


Overview

Date Finding Count (47)
2014-04-22 CAT I (High): 0 CAT II (Med): 33 CAT III (Low): 14
STIG Description
Developed by Samsung Electronics Co., Ltd. in coordination with DISA for the DoD.

Available Profiles



Findings (MAC III - Administrative Public)

Finding ID Severity Title
V-48349 Medium Samsung Knox Android must allow only the administrator/MDM to enable/disable USB mass storage mode.
V-48279 Medium The Samsung Knox Android VPN client must use either IPSec or SSL/TLS when connecting to DoD networks.
V-48253 Medium The container must be enabled by the administrator/MDM.
V-48251 Medium The administrator/MDM must enable CC mode.
V-48255 Medium The mobile device operating system must have access to DoD root and intermediate PKI certificates when performing DoD PKI-related transactions.
V-49687 Medium Samsung Knox Android must lock the container after 15 minutes of inactivity.
V-49685 Medium The administrator/MDM must configure the application installation policy by specifying authorized application repositories (Enroll in MDM).
V-49683 Medium The administrator/MDM must configure the application installation policy by specifying authorized application repositories (Disable unknown sources).
V-49681 Medium Samsung Knox Android must protect data-at-rest on removable storage media.
V-48343 Medium Samsung Knox Android must allow only the administrator/MDM to enable/disable developer modes.
V-48333 Medium The administrator/MDM must configure an application whitelist, listing authorized applications and versions.
V-48263 Medium Samsung Knox Android must allow only the administrator/MDM to set the screen lock timeout for the container password.
V-48261 Medium Only DoD PKI issued or DoD approved server authentication certificates must be installed on DoD Samsung Knox Android devices.
V-48289 Medium Samsung Knox Android must prevent a user from using a browser outside the container that does not direct its traffic to a DoD proxy server.
V-48265 Medium The Samsung Knox Android Bluetooth module must not permit any data transfer between devices prior to Bluetooth mutual authentication.
V-48249 Medium Samsung Knox Android must protect data-at-rest on built-in storage media.
V-48345 Medium Samsung Knox Android must allow only the administrator/MDM to enable/disable data-at-rest protection.
V-48337 Medium The administrator/MDM must configure the application installation policy by specifying authorized application repositories (Disable Google Play).
V-48319 Medium Samsung Knox Android must lock the device screen after a time period of inactivity.
V-48247 Medium The administrator/MDM must disable all Bluetooth profiles except for HSP (Headset Profile), HFP (Hands-Free Profile) and SPP (Serial Port Profile).
V-48347 Medium Samsung Knox Android must allow only the administrator/MDM to enable/disable data-at-rest protection for removable media.
V-48313 Medium Samsung Knox Android must employ mobile device management services to centrally manage security relevant configuration and policy settings.
V-48339 Medium Samsung Knox Android must allow only the administrator/MDM to configure application installation policy by specifying a set of allowed applications and versions (an application whitelist).
V-48269 Medium Samsung Knox Android must authenticate devices before establishing remote network (e.g., VPN) connections using bidirectional cryptographically based authentication between devices.
V-48335 Medium Samsung Knox Android must allow only the administrator/MDM to configure application installation policy by specifying authorized application repositories.
V-48341 Medium Samsung Knox Android must allow only the administrator/MDM to enable/disable wireless remote access connections (except for personal hotspot service), and tethered connections.
V-48293 Medium The administrator/MDM must disable USB debugging.
V-48275 Medium Samsung Knox Android must prevent a user from using a browser in the container that does not direct its traffic to a DoD proxy server.
V-48321 Medium The administrator/MDM must disable USB mass storage mode.
V-48305 Medium Samsung Knox Android must allow only the administrator/MDM to disable the screen lock function.
V-48307 Medium Samsung Knox Android must allow only the administrator/MDM to set the screen lock timeout.
V-48283 Medium The Samsung Knox Android Bluetooth stack must use 128-bit Bluetooth encryption when performing data communications with other Bluetooth devices.
V-48291 Medium Samsung Knox Android must authenticate tethered connections to the device.
V-48257 Low The administrator/MDM must set the maximum number of consecutive failed container authentication attempts to 10 or less.
V-48271 Low Samsung Knox Android must allow only the administrator/MDM to enforce a minimum password length for the container password.
V-48277 Low Samsung Knox Android must synchronize the internal clock on an organization-defined periodic basis with an authoritative time server or the Global Positioning System.
V-48285 Low The administrator/MDM must configure the mobile operating system to display the DoD-standard consent banner.
V-48287 Low The administrator/MDM must disable mock locations.
V-48281 Low Before establishing a user session, Samsung Knox Android must display an administrator/MDM-specified advisory notice and consent warning banner regarding use of Samsung Knox Android.
V-48267 Low The administrator/MDM must enforce a minimum password length of 6 characters for the container password.
V-48273 Low Samsung Knox Android must be able to filter both inbound and outbound traffic based on IP address and UDP/TCP port.
V-48297 Low Samsung Knox Android must wipe all protected data from the device after 10 consecutive unsuccessful attempts to unlock the device.
V-48311 Low The administrator/MDM must enforce a minimum device unlock password length of 6 characters.
V-48317 Low The administrator/MDM must set the maximum number of consecutive failed authentication attempts for the device unlock password to 10 or less.
V-48309 Low Samsung Knox Android must allow only the administrator/MDM to set the maximum number of consecutive failed authentication attempts.
V-48299 Low Samsung Knox Android must allow only the administrator/MDM to enforce a minimum password length.
V-48301 Low Samsung Knox Android must allow only the administrator/MDM to enforce a minimum password complexity.