OpenControls Logo

STIG Viewer

The Samsung Android 15 BYOAD must be configured to either disable access to DOD data and IT systems and user accounts or wipe the work profile if the EMM system detects the Samsung Android 15 BYOAD device has known malicious, blocked, or prohibited applications, or configured to access nonapproved third-party applications stores in the work profile.

Overview

Finding IDVersionRule IDIA ControlsSeverity
V-272505KNOX-15-800900SV-272505r1098288_ruleCCI-000366medium
Description
When a BYOAD is out of compliance, DOD data and apps must be removed to protect against compromise of sensitive DOD information. Reference: DOD policy "Use of Non-Government Mobile Devices" (3.a.(3)iii). SFR ID: FMT_SMF_EXT.1.1 #47
STIGDate
Samsung Android 15 BYOAD Security Technical Implementation Guide2025-04-29

Related Frameworks

4 paths across 3 frameworks
NIST 800-531 mapping
CM-6
1.00
  • DISA · 1 · disa_xccdf · related
  • DISA · 2025-01-23 · disa_cci_list · equivalent
NIST 800-1712 mappings
3.4.1
1.00
  • DISA · 1 · disa_xccdf · related
  • DISA · 2025-01-23 · disa_cci_list · equivalent
  • NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
3.4.2
1.00
  • DISA · 1 · disa_xccdf · related
  • DISA · 2025-01-23 · disa_cci_list · equivalent
  • NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
CCI1 mapping
CCI-000366
1.00
  • DISA · 1 · disa_xccdf · related

Details

Check Text (C-272505r1098288_chk)

Verify the EMM system has been configured to either disable access to DOD data and IT systems and user accounts or the work profile if it has detected the Samsung Android 15 BYOAD device has known malicious, blocked, or prohibited managed applications, or configured to access nonapproved third-party applications stores for managed apps. The exact procedure will depend on the EMM system used at the site. If the EMM system has not been configured to either disable access to DOD data and IT systems and user accounts or wipe the work profile if it has detected the Samsung Android 15 BYOAD device has known malicious, blocked, or prohibited managed applications, or configured to access nonapproved third-party applications stores for managed apps, this is a finding.

Fix Text (F-76491r1098287_fix)

Configure the EMM system to either disable access to DOD data and IT systems and user accounts or wipe the work profile if it has detected the Samsung Android 15 BYOAD device has known malicious, blocked, or prohibited managed applications, or configured to access nonapproved third-party applications stores for managed apps. The exact procedure will depend on the EMM system used at the site.