KNOX-07-014300 - The Samsung Android 7 with Knox must implement the management setting: Container Account whitelist.

Information

Whitelisting of authorized email accounts (POP3, IMAP, EAS) prevents a user from configuring a personal email account that could be used to forward sensitive DoD data to unauthorized recipients.

SFR ID: FMT_SMF_EXT.1.1 #47

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

Configure the Samsung Android 7 with Knox to enforce Container Account Whitelisting.

On the MDM console, add all DoD-approved email domains to the "Account whitelist" setting in the "Container Accounts" rule.

Note: Recommended to add .*@mail.mil.

See Also

https://iasecontent.disa.mil/stigs/zip/U_Samsung_Android_OS_7_with_Knox_2-x_V1R1_STIG.zip

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-6b., CAT|II, CCI|CCI-000366, Rule-ID|SV-91291r1_rule, STIG-ID|KNOX-07-014300, Vuln-ID|V-76595

Plugin: MDM

Control ID: cb854fc635addccb5341fb44837b9211f758194fc730e05ac78ad0904193858a