The Samsung Knox for Android platform must be configured to implement the management setting: configure Knox License.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-56091 | KNOX-35-022100 | SV-70345r1_rule | Medium |
| Description |
|---|
| A cloud backup feature may gather a user's information, such as PII, or sensitive documents. With this feature enabled, sensitive information will be backed up to the manufacturer's servers and database. This data is stored at a location that has unauthorized employees accessing this data. This data is stored on a server that has a location unknown to the DoD. Disabling this feature mitigates the risk of a backup feature that stores sensitive data on a server that has the potential to be located in a country other than the United States. Note: Reporting information is required to periodically validate the Knox license on the device, and proper configuration of the Knox license ensures reporting information is sent to the correct enterprise servers. SFR ID: FMT_SMF.1.1 #42 |
| STIG | Date |
|---|---|
| Samsung Android (with Knox 2.x) STIG | 2016-02-25 |
Details
| Check Text ( C-56661r1_chk ) |
|---|
| This validation procedure is performed on the MDM Administration Console. Check whether the appropriate setting is configured on the MDM Administration Console: 1. Ask the MDM administrator to display the "Knox License" settings in the "Knox Management" rule. 2. Verify the correct DoD-issued Knox license is configured. If the correct DoD-issued Knox license is not configured in the "Knox License" setting, this is a finding. |
| Fix Text (F-60969r1_fix) |
|---|
| Configure the mobile device to disable backups to Google servers. On the MDM Administration Console, disable the "Allow Google backup" setting in the "Android Restrictions" rule. |