Check: KNOX-09-000010
Samsung OS 9 with Knox 3.x COBO Use Case KPE(AE) Deployment STIG:
KNOX-09-000010
(in versions v1 r4 through v1 r1)
Title
Samsung Android must be configured to prevent users from adding personal email accounts to the work email app. (Cat II impact)
Discussion
If the user is able to add a personal email account (POP3, IMAP, EAS) to the work email app, it could be used to forward sensitive DoD data to unauthorized recipients. Restricting email account addition to the administrator or restricting email account addition to whitelisted accounts mitigates this vulnerability. SFR ID: FMT_SMF_EXT.1.1 #47
Check Content
Review device configuration settings to confirm that users are prevented from adding personal email accounts to the work email app. This procedure is performed on both the MDM Administration console and the Samsung Android device. On the MDM console, for the device, do the following: 1. In the "Android account" group, verify that "account management" is configured to "disable for the work email app". 2. Provision the user's email account for the work email app. On the Samsung Android device, do the following: 1. Open Settings. 2. Tap "Accounts and backup". 3. Tap "Accounts". 4. Tap "Add account". 5. Verify that an account for the work email app cannot be added. If on the MDM console "account management" is not disabled for the work email app, or on the Samsung Android device the user can add an account for the work email app, this is a finding.
Fix Text
Configure Samsung Android to prevent users from adding personal email accounts to the work email app. On the MDM console, for the device, do the following: 1. In the "Android account" group, configure "account management" to "disable for the work email app". 2. Provision the user's email account for the work email app. Refer to the MDM documentation to determine how to provision users' work email accounts for the work email app.
Additional Identifiers
Rule ID: SV-217660r388482_rule
Vulnerability ID: V-217660
Group Title: PP-MDF-991000
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000366 |
The organization implements the security configuration settings. |
Controls
Number | Title |
---|---|
CM-6 |
Configuration Settings |