
The mobile operating system must prevent the installation of applications that are not digitally signed with a DoD-approved private key.


Overview

Finding ID: KNOX-12-002300
Version: KNOX-12-002300
Rule ID: KNOX-12-002300_rule
IA Controls:
Severity: High
Description
Any changes to the hardware, software, and/or firmware components of the information system and/or application can potentially have significant effects on the overall security of the system. Digital signatures on code provide assurance that the code comes from a known source and has not been modified.
STIG: Samsung Knox Android 1.0 STIG
Date: 2013-05-03

Details

Check Text (C-KNOX-12-002300_chk)
This check procedure is performed using an MDM tool.

Check that the appropriate setting is configured on the MDM server.

For example, on the Fixmo Sentinel Administration Console:
1. Ask the MDM administrator to display the "Enforce Signature Blacklisting" checkbox in the "Android Knox Restrictions" rule.
2. Verify the checkbox is selected.

If the "Enforce Signature Blacklisting" checkbox is not selected, this is a finding.

NOTE: Selecting the "Enforce Signature Blacklisting" checkbox activates the Knox Android application quarantine capability.

Fix Text (F-KNOX-12-002300_fix)
Configure the operating system to prevent the installation of applications that are not digitally signed with a DoD-approved private key.

For example, on the Fixmo Sentinel Administration Console, check "Enforce Signature Blacklisting" in the "Android Knox Restrictions" rule.