UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The Samsung Knox for Android platform must be configured to implement the management setting: disable mobile printing.


Overview

Finding ID Version Rule ID IA Controls Severity
V-56103 KNOX-35-023000 SV-70357r1_rule Medium
Description
Mobile printing allows the device to connect to a printer over a Wi-Fi connection. Data is sent unencrypted over the Wi-Fi connection, potentially resulting in the compromise of sensitive DoD data. Disabling this feature mitigates the risk. SFR ID: FMT_SMF.1.1 #42
STIG Date
Samsung Android (with Knox 2.x) STIG 2015-05-20

Details

Check Text ( C-56673r1_chk )
This validation procedure is performed on both the MDM Administration Console and the Samsung Knox for Android device.

Check whether the appropriate setting is configured on the MDM Administration Console:
1. Ask the MDM administrator to display the "Application disable list" setting in the "Android Application" rule.
2. Verify the setting includes the list of pre-installed mobile printing plugin applications.

(Note: Some carrier versions pre-install Samsung Print Service Plugin and HP Print Service Plugin.)
(Note: Refer to the Supplemental document for the list.)

On the Samsung Knox for Android device:
1. Open device settings.
2. Select "NFC and sharing".
3. Select "Printing".
4. Attempt to select a vendor print service.

If the "Application disable list" configuration in the MDM console does not contain the list of pre-installed mobile printing plugin applications, or if the user is able to successfully launch these vendor print services, this is a finding.
Fix Text (F-60981r1_fix)
Configure the mobile operating system to disable all pre-installed mobile printing plugin applications.

Identify all pre-installed mobile printing plugin applications on the device. On the MDM Administration Console, add this list of applications to the "Application disable list" setting in the "Android Application" rule.

(Note: Refer to the Supplemental document for the list.)