Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-56095 | KNOX-35-022600 | SV-70349r1_rule | Medium |
Description |
---|
A cloud backup feature may gather a user's information, such as PII, or sensitive documents. With this feature enabled, sensitive information will be backed up to the manufacturer's servers and database. This data is stored at a location that has unauthorized employees accessing this data. This data is stored on a server that has a location unknown to the DoD. Disabling this feature mitigates the risk of a backup feature that stores sensitive data on a server that has the potential to be located in a country other than the United States. SFR ID: FMT_SMF.1.1 #42 |
STIG | Date |
---|---|
Samsung Android (with Knox 2.x) STIG | 2016-02-25 |
Check Text ( C-56665r2_chk ) |
---|
This validation procedure is performed on both the MDM Administration Console and the Samsung Knox for Android device. Check whether the appropriate setting is configured on the MDM Administration Console: 1. Ask the MDM administrator to display the "Application disable list" setting in the "Android Application" rule. 2. Verify the setting includes all pre-installed public cloud backup applications. (Note: The following applications are known to be pre-installed public cloud applications, but other applications can be found on other devices: Google Drive, Dropbox, Verizon Cloud, AT&T Locker.) (Note: Refer to the Supplemental document for the list.) On the Samsung Knox for Android device: 1. Attempt to locate and launch the pre-installed public cloud applications that are included on the disable list. (Note: this application will not be visible) If the "Application disable list" configuration in the MDM console does not contain all pre-installed public cloud backup applications, or if the user is able to successfully launch an application on this list, this is a finding. |
Fix Text (F-60973r2_fix) |
---|
Configure the mobile operating system to disable all pre-installed public cloud backup applications. On the MDM Administration Console, add all pre-installed public cloud backup applications that are not DoD-approved to the "Application disable list" setting in the "Android Application" rule. (Note: Refer to the Supplemental document for the list.) |