KNOX-07-013000 - The Samsung Android 7 with Knox must implement the management setting: Enable Certificate Revocation Status (CRL) Check.

Information

A CRL allows a certificate issuer to revoke a certificate for any reason, including improperly issued certificates and compromise of the private keys. Checking the revocation status of the certificate mitigates the risk associated with using a compromised certificate.

SFR ID: FMT_SMF_EXT.1.1 #47

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

Configure the Samsung Android 7 with Knox to enable a Certificate Revocation Status (CRL) Check.

On the MDM console, do the following:
1. Enter the string '*' (asterisk) in the package list in the "Certificate Revocation Check (CRL)" settings in the "Android Certificate" rule.
2. Select the enable checkbox in the "Certificate Revocation Check (CRL)" settings in the "Android Certificate" rule.

See Also

https://iasecontent.disa.mil/stigs/zip/U_Samsung_Android_OS_7_with_Knox_2-x_V1R1_STIG.zip

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-6b., CAT|II, CCI|CCI-000366, Rule-ID|SV-91285r1_rule, STIG-ID|KNOX-07-013000, Vuln-ID|V-76589

Plugin: MDM

Control ID: 5d658ccc63a788e820d16733cece0e2d889a54ee039a5fa1a6a39f27e8b9c5e8