Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-48261 | KNOX-22-013300 | SV-61133r1_rule | | Medium |
Description |
---|
If unauthorized device authentication certificates are installed on the device, there is the potential that the device may connect to a rogue device or network. Rogue devices can mimic the behavior of authorized equipment to trick the user into providing authentication credentials, which could then in turn be used to compromise DoD information and networks. Restricting device authentication certificates to an authorized list mitigates the risk of attaching to rogue devices and networks. SFR ID: FMT_SMF.1.1 #14 |
STIG | Date |
---|---|
Samsung Android (with Knox 1.x) STIG | 2014-04-22 |
Check Text (C-50693r1_chk) |
---|
This validation procedure is performed on both the MDM Administration Console and the Samsung Knox Android device. Check whether the appropriate setting is configured on the MDM Administration Console: 1. Ask the MDM administrator to display the list of server authentication certificates in the "Android Certificate Configuration" rule. 2. Verify only DoD PKI issued or DoD approved server authentication certificates are present (Note: these may include those approved by the local command). On the Samsung Knox Android device: 1. Open device settings. 2. Select "Security". 3. Select "Trusted credentials". 4. Select the "User" tab. 5. Verify no certificates are listed, or that any that are listed have been authorized. If there are unapproved device authentication certificates present on the MDM whitelist or on the "User" tab, this is a finding. |
Fix Text (F-51869r1_fix) |
---|
Remove non-approved server authentication certificates from the device. On the MDM Console, modify the certificate whitelist so that it only includes DoD PKI issued or DoD approved server authentication certificates in the "Android Certificate Configuration" rule. |