UCF STIG Viewer Logo

Samsung Android must be configured to enable encryption for data at rest on removable storage media or alternately, the use of removable storage media must be disabled.


Overview

Finding ID Version Rule ID IA Controls Severity
V-93621 KNOX-09-000985 SV-103707r1_rule High
Description
The mobile operating system must ensure the data being written to the mobile device's removable media is protected from unauthorized access. If data at rest is unencrypted, it is vulnerable to disclosure. Even if the operating system enforces permissions on data access, an adversary can read removable media directly, thereby circumventing operating system controls. Encrypting the data ensures confidentiality is protected even when the operating system is not running. SFR ID: FMT_SMF_EXT.1.1 #21, #47f
STIG Date
Samsung Android OS 9 with Knox 3.x COBO Use Case KPE(Legacy) Deployment Security Technical Implementation Guide 2020-06-09

Details

Check Text ( C-92939r1_chk )
Review device configuration settings to determine if Knox external storage encryption is enabled.

If the mobile device does not support removable media, this procedure is not applicable and is not a finding.

This procedure is performed on both the MDM Administration console and the Samsung Android device.

On the MDM console, for the device, in the "Knox encryption" group, verify that "enable external storage encryption" is selected.

On the Samsung Android device, verify that a MicroSD card must be encrypted before use.

If on the MDM console "enable external storage encryption" is not selected, or a MicroSD card can be used on the Samsung Android device without first being encrypted, this is a finding.
Fix Text (F-99867r1_fix)
Configure Samsung Android to enable Knox external storage encryption.

If the mobile device does not support removable media, this guidance is not applicable.

On the MDM console, for the device, in the "Knox encryption" group, select "enable external storage encryption".