Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-93579 | KNOX-09-000365 | SV-103665r1_rule | Medium |
Description |
---|
If a Samsung Android device uses an accessory that provides wired networking capabilities, and that accessory is connected to a DoD network, then the Samsung Android device would also be connected to the DoD network. Samsung Android devices most likely have a number of personal apps installed that may include malware or have high-risk behaviors (for example, offloading data from the phone to third-party servers outside the United States). In addition, smartphones do not generally meet security requirements for computer devices to connect directly to DoD networks. Note: Samsung DeX mode (with input devices) will not work unless the "USB host mode exception list" is configured (see requirement KNOX-09-000755 for more information). SFR ID: FMT_MOF_EXT.1.2 #47 |
STIG | Date |
---|---|
Samsung Android OS 9 with Knox 3.x COBO Use Case KPE(Legacy) Deployment Security Technical Implementation Guide | 2020-06-09 |
Check Text ( C-92895r1_chk ) |
---|
Review accessories that provide wired networking capabilities to Samsung Android devices at the site and verify that the accessories are not connected to a DoD network. If accessories that provide wired networking capabilities to Samsung Android devices are connected to DoD networks, this is a finding. Note: Connections to a site's guest network that provides Internet-only access can be used. Note: This setting cannot be managed by the MDM administrator and is a User-Based Enforcement (UBE) requirement. |
Fix Text (F-99823r1_fix) |
---|
When using an accessory that provides wired networking capabilities to a Samsung Android device, do not connect the accessory to a DoD network. Note: This setting cannot be managed by the MDM administrator and is a UBE requirement. |