Before establishing a user session, Samsung Knox Android must display an administrator/MDM-specified advisory notice and consent warning banner regarding use of Samsung Knox Android.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-48281	KNOX-26-012300	SV-61153r1_rule		Low

Description
The operating system is required to display the DoD approved system use notification message or banner before granting access to the system that provides privacy and security notices consistent with applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance. This ensures the legal requirements for auditing and monitoring are met. System use notification messages can be displayed when individuals log in to the information system. The approved DoD text must be used as specified in the DoD CIO memorandum dated 9 May 2008. SFR ID: FTA_TAB.1.1

Description

The operating system is required to display the DoD approved system use notification message or banner before granting access to the system that provides privacy and security notices consistent with applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance. This ensures the legal requirements for auditing and monitoring are met. System use notification messages can be displayed when individuals log in to the information system. The approved DoD text must be used as specified in the DoD CIO memorandum dated 9 May 2008. SFR ID: FTA_TAB.1.1

STIG	Date
Samsung Android (with Knox 1.x) STIG	2014-04-22

Details

Check Text ( C-50713r1_chk )
This validation procedure is performed on both the MDM Administration Console and the Samsung Knox Android device. Check whether the appropriate setting is configured on the MDM Administration Console: 1. Ask the MDM administrator to display the "Enable DoD Banner" checkbox in the "Android Restrictions" rule. 2. Verify the "Enable DoD Banner" checkbox is checked. On the Samsung Knox Android device: 1. Reboot the device. 2. Enter the correct device unlock password. 3. Verify the DoD banner is displayed. If the specified setting is not set to the appropriate value, or if the DoD banner is not displayed, this is a finding.

Check Text ( C-50713r1_chk )

This validation procedure is performed on both the MDM Administration Console and the Samsung Knox Android device.

Check whether the appropriate setting is configured on the MDM Administration Console:
1. Ask the MDM administrator to display the "Enable DoD Banner" checkbox in the "Android Restrictions" rule.
2. Verify the "Enable DoD Banner" checkbox is checked.

On the Samsung Knox Android device:
1. Reboot the device.
2. Enter the correct device unlock password.
3. Verify the DoD banner is displayed.

If the specified setting is not set to the appropriate value, or if the DoD banner is not displayed, this is a finding.

Fix Text (F-51889r1_fix)
Configure the mobile operating system to enable DoD banner display. On the MDM Administration Console, check the "Enable DoD Banner" checkbox in the "Android Restrictions" rule.