Check: KNOX-09-000645
Samsung Android OS 9 with Knox 3.x COPE Use Case KPE(Legacy) Deployment STIG: KNOX-09-000645 (in versions v1 r5 through v1 r1)
Title
Samsung Android must be configured to disable multi-user modes. (Cat II impact)
Discussion
Multi-user mode allows multiple users to share a mobile device by providing a degree of separation between user data. To date, no mobile device with multi-user mode features meets DoD requirements for access control, data separation, and non-repudiation for user accounts. In addition, the MDFPP does not include design requirements for multi-user account services. Disabling multi-user mode mitigates the risk of not meeting DoD multi-user account security policies.
SFR ID: FMT_SMF_EXT.1.1 #47b
Check Content
Review configuration settings to confirm that multi-user mode has been disabled. This procedure is performed on both the MDM Administrator console and the Samsung Android device. On the MDM console, in Knox MultiUser, verify that "allow multi-user mode" is not selected. On the Samsung Android device, open Settings and verify that the "User" setting is not available. If on the MDM console "allow multi-user mode" is selected, or on the Samsung Android device the "User" setting is available, this is a finding.
Fix Text
Configure Samsung Android to disable multi-user modes. On the MDM console, in Knox MultiUser, unselect "allow multi-user mode".
Additional Identifiers
Rule ID: SV-217814r388482_rule
Vulnerability ID: V-217814
Group Title: PP-MDF-301280
CCIs
Number | Definition |
---|---|
CCI-000366 | The organization implements the security configuration settings. |
CCI-002110 | The organization defines the information system account types that support the organizational missions/business functions. |