
Samsung Knox Android 1.0 STIG


Overview

Date: 2013-05-03
Finding Count (26): CAT I (High): 2, CAT II (Med): 18, CAT III (Low): 6
STIG Description
Developed by Samsung Electronics Co., Ltd.; Fixmo Inc.; and General Dynamics C4 Systems, Inc. in coordination with DISA for use in the DoD.


Findings (MAC III - Administrative Public)

Finding ID Severity Title
KNOX-12-002300 High The mobile operating system must prevent the installation of applications that are not digitally signed with a DoD-approved private key.
KNOX-12-002400 High The mobile operating system must prevent a user from installing unapproved applications.
KNOX-01-000400 Medium The mobile operating system must not permit a user to disable the password-protected lock feature on the device.
KNOX-03-001100 Medium The mobile operating system must disallow more than two sequential numbers (e.g., 456) in the device unlock password.
KNOX-13-002700 Medium The mobile operating system's VPN client must use either IPSec or SSL/TLS when connecting to DoD networks.
KNOX-03-001000 Medium The mobile operating system must force the user to change at least two characters of the device unlock password whenever the password is changed.
KNOX-13-002600 Medium The mobile operating system must authenticate devices before establishing remote network (e.g., VPN) connections using bidirectional cryptographically based authentication between devices.
KNOX-08-002200 Medium The mobile operating system must encrypt all data on the mobile device using AES encryption (AES 128 bit encryption key length is the minimum requirement; AES 256-bit desired).
KNOX-04-001300 Medium The mobile operating system must authenticate tethered connections to the device.
KNOX-02-000500 Medium The mobile operating system must disallow the device unlock password from containing fewer than a specified minimum number of upper case alphabetic characters.
KNOX-04-001400 Medium The mobile operating system must disable access to the device's contact database when the device is locked.
KNOX-02-000700 Medium The mobile operating system must disallow the device unlock password from containing fewer than a specified minimum number of numeric characters.
KNOX-07-002100 Medium Only DoD PKI-issued or DoD-approved server authentication certificates may be installed on DoD mobile operating system devices.
KNOX-02-000600 Medium The mobile operating system must disallow the device unlock password from containing fewer than a specified minimum number of lower case alphabetic characters.
KNOX-00-000100 Medium The mobile operating system must employ mobile device management services to centrally manage configuration settings, including security policies.
KNOX-13-002800 Medium The mobile operating system must prevent a user from using a browser that does not direct its traffic to a DoD proxy server.
KNOX-01-000200 Medium The mobile operating system must enforce a minimum length for the device unlock password.
KNOX-04-001500 Medium The mobile operating system's Bluetooth module must not permit any data transfer between devices prior to Bluetooth mutual authentication.
KNOX-01-000300 Medium The mobile operating system must lock the device after no more than 15 minutes of inactivity.
KNOX-04-001600 Medium The mobile operating system's Bluetooth stack must use 128-bit Bluetooth encryption when performing data communications with other Bluetooth devices.
KNOX-05-001800 Low The mobile operating system must conduct a device integrity scan at least once every six hours.
KNOX-13-002500 Low The mobile operating system must synchronize the internal clock at least once every 24 hours with an authoritative time server or the Global Positioning System.
KNOX-04-001200 Low The mobile operating system must include organization defined additional, more detailed information in the audit records for audit events identified by type, location, or subject.
KNOX-06-001900 Low The mobile operating system must be able to filter both inbound and outbound traffic based on IP address and UDP/TCP port.
KNOX-02-000900 Low The mobile operating system must prohibit a user from reusing any of the last five previously used device unlock passwords.
KNOX-02-000800 Low The mobile operating system must enforce a maximum lifetime of 120 days for the device unlock password (password age).