Check: KNOX-09-000175
Samsung Android OS 9 with Knox 3.x COPE Use Case KPE(Legacy) Deployment STIG:
KNOX-09-000175
(in versions v1 r5 through v1 r1)
Title
Samsung Android must be configured to enable the Knox audit log. (Cat II impact)
Discussion
Audit logs enable monitoring of security-relevant events and subsequent forensics when breaches occur. They help identify attacks so that breaches can be prevented or limited in their scope, and they facilitate analysis to improve performance and security. The requirement statement lists key events for which the system must generate an audit record. SFR ID: FAU_GEN.1.1 #8
Check Content
Review device configuration settings to confirm that the Knox audit log is enabled. This procedure is performed on the MDM Administration console only. On the MDM console, for the device, in the "Knox audit log" group, verify that "enable audit log" is selected. If on the MDM console the "enable audit log" is not selected, this is a finding.
Fix Text
Configure Samsung Android to enable the Knox audit log. On the MDM console, for the device, in the "Knox audit log" group, select "enable audit log".
Additional Identifiers
Rule ID: SV-217799r388482_rule
Vulnerability ID: V-217799
Group Title: PP-MDF-991000
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000366 |
The organization implements the security configuration settings. |
Controls
Number | Title |
---|---|
CM-6 |
Configuration Settings |