The Samsung Knox for Android platform must be configured to implement the management setting: disable mobile printing.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-56103	KNOX-35-023000	SV-70357r1_rule		Medium

Description
Mobile printing allows the device to connect to a printer over a Wi-Fi connection. Data is sent unencrypted over the Wi-Fi connection, potentially resulting in the compromise of sensitive DoD data. Disabling this feature mitigates the risk. SFR ID: FMT_SMF.1.1 #42

STIG	Date
Samsung Android (with Knox 2.x) STIG	2016-02-25

Details

Check Text ( C-56673r1_chk )
This validation procedure is performed on both the MDM Administration Console and the Samsung Knox for Android device. Check whether the appropriate setting is configured on the MDM Administration Console: 1. Ask the MDM administrator to display the "Application disable list" setting in the "Android Application" rule. 2. Verify the setting includes the list of pre-installed mobile printing plugin applications. (Note: Some carrier versions pre-install Samsung Print Service Plugin and HP Print Service Plugin.) (Note: Refer to the Supplemental document for the list.) On the Samsung Knox for Android device: 1. Open device settings. 2. Select "NFC and sharing". 3. Select "Printing". 4. Attempt to select a vendor print service. If the "Application disable list" configuration in the MDM console does not contain the list of pre-installed mobile printing plugin applications, or if the user is able to successfully launch these vendor print services, this is a finding.

Check Text ( C-56673r1_chk )

This validation procedure is performed on both the MDM Administration Console and the Samsung Knox for Android device.

Check whether the appropriate setting is configured on the MDM Administration Console:
1. Ask the MDM administrator to display the "Application disable list" setting in the "Android Application" rule.
2. Verify the setting includes the list of pre-installed mobile printing plugin applications.

(Note: Some carrier versions pre-install Samsung Print Service Plugin and HP Print Service Plugin.)
(Note: Refer to the Supplemental document for the list.)

On the Samsung Knox for Android device:
1. Open device settings.
2. Select "NFC and sharing".
3. Select "Printing".
4. Attempt to select a vendor print service.

If the "Application disable list" configuration in the MDM console does not contain the list of pre-installed mobile printing plugin applications, or if the user is able to successfully launch these vendor print services, this is a finding.

Fix Text (F-60981r1_fix)
Configure the mobile operating system to disable all pre-installed mobile printing plugin applications. Identify all pre-installed mobile printing plugin applications on the device. On the MDM Administration Console, add this list of applications to the "Application disable list" setting in the "Android Application" rule. (Note: Refer to the Supplemental document for the list.)