Check: KNOX-09-000920
Samsung OS 9 with Knox 3.x COBO Use Case KPE(AE) Deployment STIG:
KNOX-09-000920
(in versions v1 r4 through v1 r1)
Title
Samsung Android must be configured to disable developer modes. (Cat II impact)
Discussion
Developer modes expose features of the mobile operating system that are not available during standard operation. An adversary may leverage a vulnerability inherent in a developer mode to compromise the confidentiality, integrity, and availability of DoD sensitive information. Disabling developer modes mitigates this risk. SFR ID: FMT_SMF_EXT.1.1 #26
Check Content
Review device configuration settings to confirm that debugging features are disallowed. This procedure is performed on both the MDM Administration console and the Samsung Android device. On the MDM console, for the device, in the "Android user restrictions" group, verify that "disallow debugging features" is selected. On the Samsung Android device, do the following: 1. Open Settings. 2. Tap "About phone". 3. Tap "Software information". 4. Tap "Build number". 5. Verify that the message "Unable to perform action" is displayed. If on the MDM console "disallow debugging features" is not selected, or on the Samsung Android device the "Unable to perform action" message is not displayed, this is a finding.
Fix Text
Configure Samsung Android to disallow debugging features. On the MDM console, for the device, in the "Android user restrictions" group, select "disallow debugging features".
Additional Identifiers
Rule ID: SV-217687r378841_rule
Vulnerability ID: V-217687
Group Title: PP-MDF-301170
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000381 |
The organization configures the information system to provide only essential capabilities. |
Controls
Number | Title |
---|---|
CM-7 |
Least Functionality |