The mobile operating system must employ mobile device management services to centrally manage configuration settings, including security policies.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
KNOX-00-000100	KNOX-00-000100	KNOX-00-000100_rule		Medium

Description
Security related parameters are those parameters impacting the security state of the system and include parameters related to the implementation of other IA controls. If these controls are not implemented, the system may be vulnerable to a variety of attacks. The use of an MDM allows an organization to assign values to security related parameters across all the devices it manages. This provides assurance that the required mobile OS security controls are being enforced, and that the device user or an adversary has not modified or disabled the controls. It also greatly increases efficiency and manageability of devices in a large scale environment relative to an environment in which each device must be configured separately.

Description

Security related parameters are those parameters impacting the security state of the system and include parameters related to the implementation of other IA controls. If these controls are not implemented, the system may be vulnerable to a variety of attacks. The use of an MDM allows an organization to assign values to security related parameters across all the devices it manages. This provides assurance that the required mobile OS security controls are being enforced, and that the device user or an adversary has not modified or disabled the controls. It also greatly increases efficiency and manageability of devices in a large scale environment relative to an environment in which each device must be configured separately.

STIG	Date
Samsung Knox Android 1.0 STIG	2013-05-03

Details

Check Text ( C-KNOX-00-000100_chk )
This check procedure is performed on the Samsung Knox Android device only. Verify that an MDM agent is present on the device and communicating with its associated MDM server. For example, on a Samsung Knox Android device running Fixmo Sentinel: 1. Open the application list and verify the presence of Fixmo Sentinel. 2. Open the Fixmo Sentinel MDM agent, press the menu button and select "Details". 3. Verify Profile ID is not "NULL". 4. Press the menu button and select "Poll Server" and ensure no errors are generated in the messages list. If an MDM agent is not present on the Samsung Knox Android device, this is a finding. If the MDM agent is Fixmo Sentinel, if the Profile ID is "NULL", or if polling the server generates an error, this is a finding.

Check Text ( C-KNOX-00-000100_chk )

This check procedure is performed on the Samsung Knox Android device only.

Verify that an MDM agent is present on the device and communicating with its associated MDM server.

For example, on a Samsung Knox Android device running Fixmo Sentinel:
1. Open the application list and verify the presence of Fixmo Sentinel.
2. Open the Fixmo Sentinel MDM agent, press the menu button and select "Details".
3. Verify Profile ID is not "NULL".
4. Press the menu button and select "Poll Server" and ensure no errors are generated in the messages list.

If an MDM agent is not present on the Samsung Knox Android device, this is a finding. If the MDM agent is Fixmo Sentinel, if the Profile ID is "NULL", or if polling the server generates an error, this is a finding.

Fix Text (F-KNOX-00-000100_fix)
Implement an MDM agent on the device to centrally manage configuration settings.