Check: KNOX-14-225080
Samsung Android OS 14 with Knox 3.x COPE STIG:
KNOX-14-225080
(in versions v1 r2 through v1 r1)
Title
The Samsung Android device must be configured to disable all data signaling over [assignment: list of externally accessible hardware ports (for example, USB)]. (Cat II impact)
Discussion
If a user is able to configure the security setting, the user could inadvertently or maliciously set it to a value that poses unacceptable risk to DOD information systems. An adversary could exploit vulnerabilities created by the weaker configuration to compromise DOD sensitive information. SFR ID: FMT_MOF_EXT.1.2 #24
Check Content
Review the device configuration to confirm the USB port is disabled except for charging the device. On the management tool: Verify "Enable USB data signaling" is toggled to "OFF". If on the management tool the USB port is not disabled, this is a finding.
Fix Text
Configure the Samsung Android 14 device to disable the USB port (except for charging the device). On the management tool: Toggle "Enable USB data signaling" to "OFF".
Additional Identifiers
Rule ID: SV-258700r931300_rule
Vulnerability ID: V-258700
Group Title: PP-MDF-993300
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-002235 |
The information system prevents non-privileged users from executing privileged functions to include disabling, circumventing, or altering implemented security safeguards/countermeasures. |
Controls
Number | Title |
---|---|
AC-6 (10) |
Prohibit Non-Privileged Users From Executing Privileged Functions |