Samsung Android OS 5 with Knox 2.0 Security Technical Implementation Guide

This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DoD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via e-mail to the following address: [email protected]

Details

Version / Release: V1R3

Published: 2016-02-24

Updated At: 2018-09-23 12:47:06

    Rule Version CCI Severity Title Description
    SV-75633r1_rule KNOX-30-000100 CCI-001145 MEDIUM All mobile operating system cryptography supporting DoD functionality must be FIPS 140-2 validated. Unapproved cryptographic algorithms cannot be relied upon to provide confidentiality or integrity, and DoD data could be compromised as a result. The most common vulnerabilities with cryptographic modules are those associated with poor implementation. FIP
    SV-75637r1_rule KNOX-30-004400 CCI-001199 HIGH The Samsung Knox for Android platform must protect data at rest on built-in storage media. The MOS must ensure the data being written to the mobile device's built-in storage media is protected from unauthorized access. If data at rest is unencrypted, it is vulnerable to disclosure. Even if the operating system enforces permissions on data acces
    SV-75639r1_rule KNOX-30-004410 CCI-001199 HIGH The Samsung Knox for Android platform must protect data at rest on removable storage media. The MOS must ensure the data being written to the mobile device's removable media is protected from unauthorized access. If data at rest is unencrypted, it is vulnerable to disclosure. Even if the operating system enforces permissions on data access, an a
    SV-75641r1_rule KNOX-34-008700 CCI-000205 LOW The Samsung Knox for Android platform must enforce a minimum password length of 6 characters. Password strength is a measure of the effectiveness of a password in resisting guessing and brute force attacks. The ability to crack a password is a function of how many attempts an adversary is permitted, how quickly an adversary can do each attempt, an
    SV-75643r1_rule KNOX-34-008900 CCI-000044 LOW The Samsung Knox for Android platform must not allow more than 10 consecutive failed authentication attempts. The more attempts an adversary has to guess a password, the more likely the adversary will enter the correct password and gain access to resources on the device. Setting a limit on the number of attempts mitigates this risk. Setting the limit at 10 gives
    SV-75645r1_rule KNOX-34-012100 CCI-000057 MEDIUM The Samsung Knox for Android platform must lock the display after 15 minutes (or less) of inactivity. The screen lock timeout must be set to a value that helps protect the device from unauthorized access. Having a too-long timeout would increase the window of opportunity for adversaries who gain physical access to the mobile device through loss, theft, et
    SV-75647r1_rule KNOX-34-012110 CCI-000366 MEDIUM The Samsung Knox for Android container must implement the management setting: Lock the container display after 15 minutes (or less) of inactivity. The screen lock timeout must be set to a value that helps protect the device from unauthorized access. Having a too-long timeout would increase the window of opportunity for adversaries who gain physical access to the mobile device through loss, theft, et
    SV-75649r1_rule KNOX-35-009000 CCI-000366 MEDIUM The Samsung Knox for Android platform must enforce an application installation policy by specifying one or more authorized application repositories: Disable Google Play. Forcing all applications to be installed from authorized application repositories can prevent unauthorized and malicious applications from being installed and executed on mobile devices. Allowing such installations and executions could cause a compromise
    SV-75651r1_rule KNOX-35-009010 CCI-000366 MEDIUM The Samsung Knox for Android platform must enforce an application installation policy by specifying one or more authorized application repositories: Disable unknown sources. Forcing all applications to be installed from authorized application repositories can prevent unauthorized and malicious applications from being installed and executed on mobile devices. Allowing such installations and executions could cause a compromise
    SV-75653r1_rule KNOX-35-009100 CCI-000366 MEDIUM The Samsung Knox for Android platform must enforce an application installation policy by specifying an application whitelist. Requiring all authorized applications to be in an application whitelist prevents the execution of any applications (e.g., unauthorized, malicious) that are not part of the whitelist. Failure to configure an application whitelist properly could allow unaut
    SV-75655r1_rule KNOX-35-020000 CCI-000381 MEDIUM The Samsung Knox for Android platform must not allow use of developer modes. Developer modes expose features of the MOS that are not available during standard operation. An adversary may leverage a vulnerability inherent in a developer mode to compromise the confidentiality, integrity, and availability of DoD-sensitive information.
    SV-75657r1_rule KNOX-35-020600 CCI-000366 MEDIUM The Samsung Knox for Android platform must implement the management setting: Install DoD root and intermediate PKI certificates on the device. DoD root and intermediate PKI certificates are used to verify the authenticity of PKI certificates of users and web services. If the root and intermediate certificates are not available, an adversary could falsely sign a certificate in such a way that it
    SV-75659r2_rule KNOX-35-021000 CCI-000366 MEDIUM The Samsung Knox for Android platform must implement the management setting: Disable Allow New Admin Install. An application with administrator permissions (e.g., MDM agent) is allowed to configure policies on the device. If a user is allowed to install another MDM agent on the device, then this will allow another MDM administrator (assuming it has the proper Kno
    SV-75661r1_rule KNOX-35-021100 CCI-000366 MEDIUM The Samsung Knox for Android platform must implement the management setting: Configure application install blacklist. Blacklisting all applications is required so that only white-listed applications can be installed on the device. Requiring all authorized applications to be in an application whitelist prevents the execution of any applications (e.g., unauthorized, malici
    SV-75663r1_rule KNOX-35-021200 CCI-000366 MEDIUM The Samsung Knox for Android platform whitelist must not include applications with the following characteristics: All pre-installed (core) applications not approved for DoD use by the Approving Official (AO). Requiring all authorized applications to be in an application whitelist prevents the execution of any applications (e.g., unauthorized, malicious) that are not part of the whitelist. Failure to configure an application whitelist properly could allow unaut
    SV-75665r1_rule KNOX-35-021225 CCI-000366 MEDIUM The Samsung Knox for Android platform whitelist must not include applications with the following characteristics: Allows synchronization of data or applications between devices associated with user. Requiring all authorized applications to be in an application whitelist prevents the execution of any applications (e.g., unauthorized, malicious) that are not part of the whitelist. Failure to configure an application whitelist properly could allow unaut
    SV-75667r1_rule KNOX-35-021250 CCI-000366 MEDIUM The Samsung Knox for Android platform whitelist must not include applications with the following characteristics: Payment processing. Requiring all authorized applications to be in an application whitelist prevents the execution of any applications (e.g., unauthorized, malicious) that are not part of the whitelist. Failure to configure an application whitelist properly could allow unaut
    SV-75669r1_rule KNOX-35-021275 CCI-000366 MEDIUM The Samsung Knox for Android platform whitelist must not include applications with the following characteristics: Back up MD data to non-DoD cloud servers (including user and application access to cloud backup services). Requiring all authorized applications to be in an application whitelist prevents the execution of any applications (e.g., unauthorized, malicious) that are not part of the whitelist. Failure to configure an application whitelist properly could allow unaut
    SV-75671r1_rule KNOX-35-021300 CCI-000366 MEDIUM The Samsung Knox for Android platform must not allow backup to remote systems. Backups to remote systems (including cloud backup) can leave data vulnerable to breach on the external systems, which often offer less protection than the MOS. Where the remote backup involves a cloud-based solution, the backup capability is often used to
    SV-75673r1_rule KNOX-35-021400 CCI-000381 LOW The Samsung Knox for Android platform must disable automatic transfer of diagnostic data to an external device other than an MDM service with which the device has enrolled: Disable Google Crash Report. Many software systems automatically send diagnostic data to the manufacturer or a third party. This data enables the developers to understand real world field behavior and improve the product based on that information. Unfortunately, it can also reveal in
    SV-75675r1_rule KNOX-35-021600 CCI-000366 MEDIUM The Samsung Knox for Android platform must implement the management setting: Disable USB host storage. The USB host storage feature allows the device to connect to select USB devices (e.g., USB flash drives, USB mouse, USB keyboard) using a micro USB to USB adapter cable. A user can copy sensitive DoD information to external USB storage unencrypted, result
    SV-75677r1_rule KNOX-35-021900 CCI-000366 LOW The Samsung Knox for Android platform must not allow passwords that include more than two repeating or sequential characters. Password strength is a measure of the effectiveness of a password in resisting guessing and brute force attacks. Passwords that contain repeating or sequential characters are significantly easier to guess than those that do not contain repeating or sequen
    SV-75679r2_rule KNOX-35-022500 CCI-000366 MEDIUM The Samsung Knox for Android platform must be configured to disable multi-user modes. By default the enterprise administrator will install and enroll MDM on the device's owner user space. Since some policies configured by the MDM will only apply to the owner space, the user can bypass some of these policies by creating and switching to a g
    SV-75681r1_rule KNOX-35-022800 CCI-000366 MEDIUM The Samsung Knox for Android platform must implement the management setting: Disable S Voice. On MOS devices, users (may be able to) access the device's contact database or calendar to obtain phone numbers and other information using a human voice even when the mobile device is locked. Often this information is personally identifiable information
    SV-75683r1_rule KNOX-35-023100 CCI-000366 MEDIUM The Samsung Knox for Android platform must implement the management setting: Disable NFC. NFC is a wireless technology that transmits small amounts of information from the device to the NFC reader. Any data transmitted can be potentially compromised. Disabling this feature mitigates this risk. SFR ID: FMT_SMF_EXT.1.1 #45
    SV-75685r1_rule KNOX-35-023500 CCI-000366 MEDIUM The Samsung Knox for Android platform must implement the management setting: Disable Nearby devices. The Nearby devices feature allows the user to share files with other devices that are connected on the same Wi-Fi access point using the DLNA technology. Even though the user must allow requests from other devices, this feature can potentially result in u
    SV-75687r1_rule KNOX-35-023600 CCI-000381 MEDIUM The Samsung Knox for Android platform must not allow a USB mass storage mode. USB mass storage mode enables the transfer of data and software from one device to another. This software can include malware. When USB mass storage is enabled on a mobile device, it becomes a potential vector for malware and unauthorized data exfiltratio
    SV-75689r1_rule KNOX-35-023700 CCI-000366 MEDIUM The Samsung Knox for Android platform must be configured to disable automatic updates of system software. FOTA allows the user to download and install firmware updates over-the-air. These updates can include OS upgrades, security patches, bug fixes, new features and applications. Since the updates are controlled by the carriers, DoD will not have an opportuni
    SV-75691r1_rule KNOX-35-024000 CCI-000062 MEDIUM The Samsung Knox for Android platform must not display notifications when the device is locked. Many mobile devices display notifications on the lock screen so that users can obtain relevant information in a timely manner without having to frequently unlock the phone to determine if there are new notifications. However, in many cases, these notifica
    SV-75693r1_rule KNOX-35-024200 CCI-000097 MEDIUM The Samsung Knox for Android platform must not allow backup to locally connected systems. Data on mobile devices is protected by numerous mechanisms, including user authentication, access control, and cryptography. When the data is backed up to an external system (either locally connected or cloud-based), many if not all of these mechanisms ar
    SV-75695r1_rule KNOX-35-024500 CCI-000366 LOW The Samsung Knox for Android platform must enable VPN protection. A key characteristic of a mobile device is that they typically will communicate wirelessly and are often expected to reside in locations outside the physical security perimeter of a DoD facility. In these circumstances, the threat of eavesdropping is subs
    SV-75697r1_rule KNOX-35-024600 CCI-000366 MEDIUM The Samsung Knox for Android platform must be configured to disable authentication mechanisms providing user access to protected data other than a Password Authentication Factor (e.g., using a fingerprint), unless mechanism is DoD approved. The fingerprint reader can be used to authenticate the user in order to unlock the mobile device. At this time, no biometric reader has been approved for DoD use on mobile devices. This technology would allow unauthorized users to have access to DoD sensi
    SV-75699r1_rule KNOX-35-024700 CCI-000366 MEDIUM The Samsung Knox for Android platform must be configured to disable VPN split-tunneling (if the MD provides a configurable control for FDP_IFC_EXT.1.1). Split-tunneling allows multiple simultaneous remote connections to the mobile device. Without VPN split-tunneling disabled, malicious applications can covertly off-load device data to a third-party server or set up a trusted tunnel between a non-DoD third
    SV-75701r1_rule KNOX-35-024800 CCI-000366 MEDIUM The Samsung Knox for Android platform must be configured to enable the access control policy that prevents [groups of application processes] from accessing [all] data stored by other [groups of application processes]. The access control policy restricts processes and applications in one processing environment (container) from accessing data in another. Exceptions should only be allowed under the administrator control to protect sensitive DoD data from exposure. SFR ID
    SV-75703r1_rule KNOX-35-028400 CCI-000366 MEDIUM The Samsung Knox for Android platform must implement the management setting: Disable Admin Remove. Security-related parameters are those parameters impacting the security state of the system and include parameters related to the implementation of other IA controls. If these controls are not implemented, the system may be vulnerable to a variety of atta
    SV-75705r1_rule KNOX-35-028500 CCI-000366 MEDIUM The Samsung Knox for Android platform must implement the management setting: Enable Certificate Revocation Status Check. A CRL allows a certificate issuer to revoke a certificate for any reason, including improperly issued certificates and compromise of the private keys. Checking the revocation status of the certificate mitigates the risk associated with using a compromised
    SV-75707r1_rule KNOX-35-030000 CCI-000366 MEDIUM The Samsung Knox for Android platform must disable authentication mechanisms providing user access to protected data other than a Password Authentication Factor: Disable Enable Smart Lock. The fingerprint reader can be used to authenticate the user in order to unlock the mobile device. At this time, no biometric reader has been approved for DoD use on mobile devices. This technology would allow unauthorized users to have access to DoD sensi
    SV-75709r1_rule KNOX-35-030100 CCI-000381 LOW The Samsung Knox for Android platform must disable automatic transfer of diagnostic data to an external device other than an MDM service with which the device has enrolled: Configure a KNOX on-premise license. Many software systems automatically send diagnostic data to the manufacturer or a third party. This data enables the developers to understand real world field behavior and improve the product based on that information. Unfortunately, it can also reveal in
    SV-75711r1_rule KNOX-35-030200 CCI-000381 LOW The Samsung Knox for Android platform must disable automatic transfer of diagnostic data to an external device other than an MDM service with which the device has enrolled: Disable Report diagnostic info. Many software systems automatically send diagnostic data to the manufacturer or a third party. This data enables the developers to understand real world field behavior and improve the product based on that information. Unfortunately, it can also reveal in
    SV-75713r1_rule KNOX-36-009700 CCI-000048 LOW The Samsung Knox for Android platform must display the DoD advisory warning message at start-up or each time the user unlocks the device. The mobile operating system is required to display the DoD-approved system use notification message or banner before granting access to the system that provides privacy and security notices consistent with applicable federal laws, Executive Orders, direct
    SV-75715r1_rule KNOX-38-012600 CCI-000366 MEDIUM The Samsung Knox for Android platform must implement the management setting: Disable Manual Date Time Changes. Determining the correct time a particular application event occurred on a system is critical when conducting forensic analysis and investigating system events. Periodically synchronizing internal clocks with an authoritative time source is needed in ord
    SV-75717r1_rule KNOX-39-014900 CCI-000366 MEDIUM The Samsung Knox for Android container must implement the management setting: Configure to enforce a minimum password length of 4 characters. Password strength is a measure of the effectiveness of a password in resisting guessing and brute-force attacks. The ability to crack a password is a function of how many attempts an adversary is permitted, how quickly an adversary can do each attempt, an
    SV-75719r1_rule KNOX-39-015100 CCI-000366 MEDIUM The Samsung Knox for Android container must implement the management setting: Disable sharing of calendar information outside the container. Calendar events can include potentially DoD-sensitive data such as names, contacts, dates and times, and locations. If made available outside the container this information will be accessible to personal applications, resulting in potential compromise of
    SV-75721r1_rule KNOX-39-015200 CCI-000366 LOW The Samsung Knox for Android container must implement the management setting: Configure to prohibit more than 10 consecutive failed authentication attempts. Users must not be able to override the system policy on the maximum number of consecutive failed authentication attempts because this could allow them to raise the maximum, thus giving adversaries more chances to guess/brute force passwords, which increas
    SV-75723r1_rule KNOX-39-015250 CCI-000366 MEDIUM The Samsung Knox for Android container must implement the management setting: Disable sharing of contact information outside the container. Contacts can include DoD-sensitive data and PII of DoD employees including names, numbers, addresses, and email addresses. If made available outside the container this information will be accessible to personal applications, resulting in potential comprom
    SV-75725r1_rule KNOX-39-015300 CCI-000366 MEDIUM The Samsung Knox for Android container must implement the management setting: Disable sharing of notification details outside the container. Application notifications can include DoD-sensitive data. If made available outside the container this information will be accessible to personal applications, resulting in potential compromise of DoD data. SFR ID: FMT_SMF_EXT.1.1 #45
    SV-75727r1_rule KNOX-39-015400 CCI-000366 MEDIUM The Samsung Knox for Android container must be configured to implement the management setting: Enable container. The container must be enabled by the administrator/MDM or the container's protections will not apply to the mobile device. This will cause the mobile device's apps and data to be at significantly higher risk of compromise because they are not protected by
    SV-75729r1_rule KNOX-39-015600 CCI-000366 MEDIUM The Samsung Knox for Android platform must implement the management setting: Enable CC mode. CC mode implements several security controls required by the Mobile Device Functional Protection Profile (MDFPP). If CC mode is not implemented, DoD data is more at risk of being compromised, and the MD is more at risk of being compromised if lost or stol
    SV-75731r1_rule KNOX-39-015700 CCI-000366 MEDIUM The Samsung Knox for Android platform must be configured to disable all Bluetooth profiles except for HSP (Headset Profile), HFP (Hands-free Profile), and SPP (Serial Port Profile). Some Bluetooth profiles provide the capability for remote transfer of sensitive DoD data without encryption or otherwise do not meet DoD IT security policies and therefore should be disabled. SFR ID: FMT_SMF_EXT.1.1 #20
    SV-75733r1_rule KNOX-39-020100 CCI-000366 MEDIUM The Samsung Knox for Android container must enforce an application installation policy by specifying an application whitelist. Requiring all authorized applications to be in an application whitelist prevents the execution of any applications (e.g., unauthorized, malicious) that are not part of the whitelist. Failure to configure an application whitelist properly could allow unaut
    SV-75735r1_rule KNOX-39-020300 CCI-000366 MEDIUM The Samsung Knox for Android container must implement the management setting: Configure application install blacklist. Blacklisting all applications is required so that only white-listed applications can be installed on the device. Requiring all authorized applications to be in an application whitelist prevents the execution of any applications (e.g., unauthorized, malici
    SV-75737r1_rule KNOX-39-020400 CCI-000366 MEDIUM The Samsung Knox for Android container must implement the management setting: Disable Move Applications to Container. Applications determined to be acceptable for personal use outside the container might not be acceptable for use within the container. The Move Applications to Container feature allows users to install personal side applications into the container, resulti
    SV-75739r1_rule KNOX-39-020500 CCI-000366 MEDIUM The Samsung Knox for Android container must implement the management setting: Disable Move Files from Container to Personal. Allowing movement of files between the container and personal side will result in both personal data and sensitive DoD data being placed in the same space. This can potentially result in DoD data being transmitted to non-authorized recipients via personal
    SV-75741r1_rule KNOX-39-020700 CCI-000366 MEDIUM The Samsung Knox for Android container must implement the management setting: Configure application disable list. Applications from various sources (including the vendor, the carrier, and Google) are installed on the device at the time of manufacture. Core apps are apps preinstalled by Google. Third-party preinstalled apps include apps from the vendor and carrier. S
    SV-75743r1_rule KNOX-39-021000 CCI-000366 MEDIUM The Samsung Knox for Android container must implement the management setting: Disable automatic completion of browser text input. The auto-fill functionality in the web browser allows the user to complete a form that contains sensitive information, such as PII, without previous knowledge of the information. By allowing the use of an auto-fill functionality, an adversary who learns a
    SV-75745r1_rule KNOX-39-021100 CCI-000366 LOW The Samsung Knox for Android container must not allow passwords that include more than two repeating or sequential characters. Password strength is a measure of the effectiveness of a password in resisting guessing and brute force attacks. Passwords that contain repeating or sequential characters are significantly easier to guess than those that do not contain repeating or sequen
    SV-75747r1_rule KNOX-39-021200 CCI-000366 MEDIUM The Samsung Knox for Android container must implement the management setting: Account whitelist. Whitelisting of authorized email accounts (POP3, IMAP, EAS) prevents a user from configuring a personal email account that could be used to forward sensitive DoD data to unauthorized recipients. SFR ID: FMT_SMF_EXT.1.1 #45
    SV-75749r1_rule KNOX-39-021300 CCI-000366 MEDIUM The Samsung Knox for Android container must implement the management setting: Account blacklist. Blacklisting all email accounts is required so that only white-listed accounts can be configured. SFR ID: FMT_SMF_EXT.1.1 #45
    SV-75751r1_rule KNOX-39-022000 CCI-000366 MEDIUM The Samsung Knox for Android container must implement the management setting: Configure minimum password complexity. Authentication mechanisms other than a Password Authentication Factor often provide convenience to users, but many of these mechanisms have known vulnerabilities. Configuring a minimum password complexity mitigates the risk associated with a weak authenti