The Samsung Knox for Android platform must be configured to implement the management setting. Disable mobile payment.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-56101 | KNOX-35-022900 | SV-70355r1_rule | Medium |
| Description |
|---|
| Mobile payment makes use of NFC to transmit personal account information from the device to the NFC reader. Compromise of this data can result in financial loss to both the individual and DoD. Disabling this feature mitigates this risk. SFR ID: FMT_SMF.1.1 #42 |
| STIG | Date |
|---|---|
| Samsung Android (with Knox 2.x) STIG | 2016-02-25 |
Details
| Check Text ( C-56671r4_chk ) |
|---|
| This validation procedure is performed on both the MDM Administration Console and the Samsung Knox for Android device. Check whether the appropriate setting is configured on the MDM Administration Console: 1. Ask the MDM administrator to display the "Application disable list" setting in the "Android Application" rule. 2. Verify the setting includes the list of pre-installed mobile payment applications. (Note: Some U.S. carriers pre-install ISIS Wallet.) (Note: Refer to the Supplemental document for the list.) On the Samsung Knox for Android device: 1. Attempt to locate and launch the pre-installed mobile payment applications. (Note: This application will not be visible.) If the "Application disable list" configuration in the MDM console does not contain the list of pre-installed mobile payment applications, or if the user is able to successfully launch these applications, this is a finding. |
| Fix Text (F-60979r1_fix) |
|---|
| Configure the mobile operating system to disable all pre-installed mobile payment applications. Identify all pre-installed mobile payment applications on the device. On the MDM Administration Console, add this list of applications to the "Application disable list" setting in the "Android Application" rule. (Note: Refer to the Supplemental document for the list.) |