Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-56103 | KNOX-35-023000 | SV-70357r1_rule | Medium |
Description |
---|
Mobile printing allows the device to connect to a printer over a Wi-Fi connection. Data is sent unencrypted over the Wi-Fi connection, potentially resulting in the compromise of sensitive DoD data. Disabling this feature mitigates the risk. SFR ID: FMT_SMF.1.1 #42 |
STIG | Date |
---|---|
Samsung Android (with Knox 2.x) STIG | 2015-05-20 |
Check Text ( C-56673r1_chk ) |
---|
This validation procedure is performed on both the MDM Administration Console and the Samsung Knox for Android device. Check whether the appropriate setting is configured on the MDM Administration Console: 1. Ask the MDM administrator to display the "Application disable list" setting in the "Android Application" rule. 2. Verify the setting includes the list of pre-installed mobile printing plugin applications. (Note: Some carrier versions pre-install Samsung Print Service Plugin and HP Print Service Plugin.) (Note: Refer to the Supplemental document for the list.) On the Samsung Knox for Android device: 1. Open device settings. 2. Select "NFC and sharing". 3. Select "Printing". 4. Attempt to select a vendor print service. If the "Application disable list" configuration in the MDM console does not contain the list of pre-installed mobile printing plugin applications, or if the user is able to successfully launch these vendor print services, this is a finding. |
Fix Text (F-60981r1_fix) |
---|
Configure the mobile operating system to disable all pre-installed mobile printing plugin applications. Identify all pre-installed mobile printing plugin applications on the device. On the MDM Administration Console, add this list of applications to the "Application disable list" setting in the "Android Application" rule. (Note: Refer to the Supplemental document for the list.) |