KNOX-07-017130 - If a third-party VPN client is installed, it must not be configured with a DoD network (work) VPN profile.

Information

The device VPN must be configured to disable access from the personal space/container, since it is considered an untrusted environment. Apps located in the personal container on the device should therefore not have the ability to access a DoD network. In addition, smartphones do not generally meet the security requirements for computer devices to connect directly to DoD networks.

SFR ID: FMT_SMF_EXT.1.1 #3

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

If a third-party VPN client is installed in the personal space/container on a Samsung Android 7 with Knox device, do not configure the VPN client with a DoD network VPN profile.

See Also

https://iasecontent.disa.mil/stigs/zip/U_Samsung_Android_OS_7_with_Knox_2-x_V1R1_STIG.zip

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-17(2), CAT|II, CCI|CCI-000068, Rule-ID|SV-91301r1_rule, STIG-ID|KNOX-07-017130, Vuln-ID|V-76605

Plugin: MDM

Control ID: 4ae4787970b72491ff89baeb3dee935d4df946ee071c982c45f651dc84d52c0b