Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
KNOX-12-002300 | KNOX-12-002300 | KNOX-12-002300_rule | High |
Description |
---|
Any changes to the hardware, software, and/or firmware components of the information system and/or application can potentially have significant effects on the overall security of the system. Digital signatures on code provide assurance that the code comes from a known source and has not been modified. |
STIG | Date |
---|---|
Samsung Knox Android 1.0 STIG | 2013-05-03 |
Check Text ( C-KNOX-12-002300_chk ) |
---|
This check procedure is performed using an MDM tool. Check that the appropriate setting is configured on the MDM server. For example, on the Fixmo Sentinel Administration Console: 1. Ask the MDM administrator to display the "Enforce Signature Blacklisting" checkbox in the "Android Knox Restrictions" rule. 2. Verify the checkbox is selected. If the "Enforce Signature Blacklisting" checkbox is not selected, this is a finding. NOTE: Selecting the "Enforce Signature Blacklisting" checkbox activates the Knox Android application quarantine capability. |
Fix Text (F-KNOX-12-002300_fix) |
---|
Configure the operating system to prevent the installation of applications that are not digitally signed with a DoD-approved private key. For example, on the Fixmo Sentinel Administration Console, check "Enforce Signature Blacklisting" in the "Android Knox Restrictions" rule. |