Check: KNOX-14-210010
Samsung Android OS 14 with Knox 3.x COPE STIG: KNOX-14-210010 (in versions v1 r2 through v1 r1)
Title
Samsung Android must be enrolled as a COPE device. (Cat II impact)
Discussion
The Work profile is the designated application group for the COPE use case. SFR ID: FMT_MOF_EXT.1.2 #47
Check Content
Review the configuration to determine if the Samsung Android devices are enrolled in a DOD-approved use case.

This validation procedure is performed on both the management tool Administration Console and the Samsung Android device.

On the management tool, verify the default enrollment is set to "Work profile for company-owned devices".

On the Samsung Android device:
1. Open Settings >> Security and privacy >> More security settings >> Device admin apps.
2. Verify the management tool Agent is listed.
3. Go to the app drawer.
4. Verify a "Personal" and "Work" tab are present.

If on the management tool the default enrollment is not set as "Work profile for company-owned devices", or on the Samsung Android device the "Personal" and "Work" tabs are not present or the management tool Agent is not listed, this is a finding.
Fix Text
Enroll the Samsung Android devices in a DOD-approved use case. On the management tool, configure the default enrollment as "Work profile for company-owned devices". Refer to the management tool documentation to determine how to configure the device enrollment.
Additional Identifiers
Rule ID: SV-258663r931189_rule
Vulnerability ID: V-258663
Group Title: PP-MDF-993300
CCIs
Number | Definition |
---|---|
CCI-000366 | The organization implements the security configuration settings. |
Controls
Number | Title |
---|---|
CM-6 | Configuration Settings |