| Review Samsung Android Work Environment configuration settings to determine if the user is unable to remove DoD root and intermediate PKI certificates. |
This validation procedure is performed on both the management tool Administration Console and the Samsung Android device.
On the management tool, in the Work Environment restrictions section, verify "User Remove Certificates" is set to "Disallow".
On the Samsung Android device:
1. Open Settings >> Biometrics and security >> Other security settings >> View security certificates.
2. In the System tab, verify that no listed certificate in the Work Environment can be untrusted.
3. In the User tab, verify that no listed certificate in the Work Environment can be removed.
If on the management tool the device "User Remove Certificates" is not set to "Disallow", or on the Samsung Android device a certificate can be untrusted or removed, this is a finding.