KNOX-07-003000 - The Samsung Android 7 with Knox must be configured to enable encryption for information at rest on removable storage media.

Information

The Samsung Android 7 with Knox must ensure the data being written to the mobile device's removable media is protected from unauthorized access. If data at rest is unencrypted, it is vulnerable to disclosure. Even if the operating system enforces permissions on data access, an adversary can read removable media directly, thereby circumventing operating system controls. Encrypting the data ensures confidentiality is protected even when the operating system is not running.

SFR ID: FMT_SMF_EXT.1.1 #21, #47f

Solution

Configure the Samsung Android 7 with Knox to enable information at rest protection for removable media.

On the MDM console, do the following:
Enable the "External Storage Encryption" setting in the "Android Security" rule.

See Also

https://iasecontent.disa.mil/stigs/zip/U_Samsung_Android_OS_7_with_Knox_2-x_V1R1_STIG.zip

Item Details

Category: SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|SC-28, CAT|I, CCI|CCI-001199, Rule-ID|SV-91241r1_rule, STIG-ID|KNOX-07-003000, Vuln-ID|V-76545

Plugin: MDM

Control ID: ccd4ca4fc43a760a51ec3d7e17b3fa2e7c7c6fe82aff62ff56b11eae52659589