KNOX-07-005100 - The Samsung must be configured to enable authentication of hotspot connections to the device using a preshared key.

Information

If there is no authentication required to establish personal hotspot connections, an adversary may be able to use that device to perform attacks on other devices or networks without detection. A sophisticated adversary may also be able to exploit unknown system vulnerabilities to access information and computing resources on the device. Requiring authentication to establish personal hotspot connections mitigates this risk.

Application note: If hotspot functionality is permitted, it must be authenticated via a preshared key. There is no requirement to enable hotspot functionality.

SFR ID: FMT_SMF_EXT.1.1 #41a

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

Configure the Samsung Android 7 with Knox to enable authentication of personal hotspot connections to the device using a preshared key.

On the MDM console, deselect the "Allow Unsecured Hotspot" checkbox in the "WiFi Policy" rule.

See Also

https://iasecontent.disa.mil/stigs/zip/U_Samsung_Android_OS_7_with_Knox_2-x_V1R1_STIG.zip

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-17(1), CAT|II, CCI|CCI-002314, Rule-ID|SV-91257r1_rule, STIG-ID|KNOX-07-005100, Vuln-ID|V-76561

Plugin: MDM

Control ID: a08d0ca1a36daaf03517f5a955940575fc8c1680d1772bf52aaabe5aad965f75