UCF STIG Viewer Logo

Samsung Android must be configured to enable the Knox audit log.


Overview

Finding ID Version Rule ID IA Controls Severity
V-93761 KNOX-09-000170 SV-103847r1_rule Medium
Description
Audit logs enable monitoring of security-relevant events and subsequent forensics when breaches occur. They help identify attacks so that breaches can be prevented or limited in their scope, and they facilitate analysis to improve performance and security. The requirement statement lists key events for which the system must generate an audit record. SFR ID: FAU_GEN.1.1 #8
STIG Date
Samsung Android OS 9 with Knox 3.x COPE Use Case KPE(AE) Deployment Security Technical Implementation Guide 2020-02-24

Details

Check Text ( C-93079r1_chk )
Review device configuration settings to confirm that the Knox audit log is enabled.

This procedure is performed on the MDM Administration console only.

On the MDM console, for the device, in the "Knox audit log" group, verify that "enable audit log" is selected.

If on the MDM console the "enable audit log" is not selected, this is a finding.
Fix Text (F-100007r1_fix)
Configure Samsung Android to enable the Knox audit log.

On the MDM console, for the device, in the "Knox audit log" group, select "enable audit log".