Check: KNOX-09-000800
Samsung OS 9 with Knox 3.x COBO Use Case KPE(AE) Deployment STIG:
KNOX-09-000800
(in versions v1 r4 through v1 r1)
Title
Samsung Android must be configured to disallow outgoing beam. (Cat II impact)
Discussion
Outgoing beam allows transfer of data through near field communication (NFC) and Bluetooth by touching two unlocked devices together. If it were enabled, sensitive DoD data could be transmitted. SFR ID: FMT_SMF_EXT.1.1 #47
Check Content
Review device configuration settings to confirm that outgoing beam is disallowed. This procedure is performed on both the MDM Administration console and the Samsung Android device. On the MDM console, for the device, in the "Android user restrictions" group, verify that "disallow outgoing beam" is selected. On the Samsung Android device, open a picture, contact, or webpage and put it back to back with an unlocked outgoing beam-enabled device. Verify that outgoing beam cannot be started. If on the MDM console "disallow outgoing beam" is not selected, or on the Samsung Android device the user is able to successfully start outgoing beam, this is a finding.
Fix Text
Configure Samsung Android to disallow outgoing beam. On the MDM console, for the device, in the "Android user restrictions" group, select "disallow outgoing beam".
Additional Identifiers
Rule ID: SV-217683r388482_rule
Vulnerability ID: V-217683
Group Title: PP-MDF-991000
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000366 |
The organization implements the security configuration settings. |
Controls
Number | Title |
---|---|
CM-6 |
Configuration Settings |