KNOX-07-004700 - The Samsung must be configured to not allow backup of [all applications, configuration data] to locally connected systems.

Information

Data on mobile devices is protected by numerous mechanisms, including user authentication, access control, and cryptography. When the data is backed up to an external system (either locally connected or cloud-based), many if not all of these mechanisms are no longer present. This leaves the backed up data vulnerable to attack. Disabling backup to external systems mitigates this risk.

SFR ID: FMT_SMF_EXT.1.1 #40

Solution

Configure the Samsung Android 7 with Knox to disable backup to locally connected systems.

On the MDM console, select the "Disable USB Media Player" checkbox in the "Android Restrictions" rule.

Note: Disabling USB Media Player will also disable USB MTP, USB mass storage, and USB vendor protocol (Smart Switch, KIES).

See Also

https://iasecontent.disa.mil/stigs/zip/U_Samsung_Android_OS_7_with_Knox_2-x_V1R1_STIG.zip

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-20(2), CAT|II, CCI|CCI-000097, Rule-ID|SV-91251r1_rule, STIG-ID|KNOX-07-004700, Vuln-ID|V-76555

Plugin: MDM

Control ID: c554c29a6a05efbb2652021afaa0d33a27349fdd7922eb3d7d713f5e935def29