Detections
Analytics
KNOX-07-017130 - If a third-party VPN client is installed, it must not be configured with a DoD network (work) VPN profile.
Information
The device VPN must be configured to disable access from the personal space/container since it is considered an untrusted environment. Therefore, apps located in the personal container on the device should not have the ability to access a DoD network. In addition, Smartphones do not generally meet security requirements for computer devices to connect directly to DoD networks.SFR ID: FMT_SMF_EXT.1.1 #3
NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.
Solution
If a third-party VPN client is installed in the personal space/container on a Samsung Android 7 with Knox device, do not configure the VPN client with a DoD network VPN profile.See Also
https://iasecontent.disa.mil/stigs/zip/U_Samsung_Android_OS_7_with_Knox_2-x_V1R1_STIG.zip
Item Details
Category: ACCESS CONTROL
References: 800-53|AC-17(2), CAT|II, CCI|CCI-000068, Rule-ID|SV-91301r1_rule, STIG-ID|KNOX-07-017130, Vuln-ID|V-76605
Plugin: MDM
Control ID: 4ae4787970b72491ff89baeb3dee935d4df946ee071c982c45f651dc84d52c0b