UCF STIG Viewer Logo

The Samsung Knox for Android platform must be configured to enforce an application installation policy by specifying one or more authorized application repositories: enroll in MDM.


Overview

Finding ID Version Rule ID IA Controls Severity
V-56053 KNOX-35-009020 SV-70307r1_rule Medium
Description
Forcing all applications to be installed from authorized application repositories can prevent unauthorized and malicious applications from being installed and executed on mobile devices. Allowing such installations and executions could cause a compromise of DoD data accessible by these unauthorized/malicious applications. SFR ID: FMT_SMF.1.1 #10
STIG Date
Samsung Android (with Knox 2.x) STIG 2016-02-25

Details

Check Text ( C-56623r1_chk )
Note: This validation procedure is identical to the one for KNOX-35-020900. It only needs to be performed once. If it is found compliant on the first check, it is also compliant here. If it is determined to be a finding on first check, it is also a finding here. Redundant checks are necessary to maintain requirements traceability and provide complete risk management information to AOs.

Configuring an application installation policy on Samsung Knox for Android by specifying an application repository involves three steps: (1) Disabling Google Play, (2) Disabling unknown application sources, and (3) Enrolling in MDM (which designates the repository). This validation procedure covers the last of these steps. It is performed on the Samsung Knox for Android device only.

On the Samsung Knox for Android device:
1. Open the application list and verify the presence of an MDM agent.
2. Open the MDM agent and verify that the MDM agent has been enrolled.
Note: Verification on the MDM agent is MDM vendor specific.

If the MDM agent is not present on the Samsung Knox for Android device, or if the MDM agent has not been enrolled, this is a finding.
Fix Text (F-60931r1_fix)
Enroll the device in MDM.

Implement MDM to centrally manage configuration settings.