Detections
Analytics
KNOX-07-014300 - The Samsung Android 7 with Knox must implement the management setting: Container Account whitelist.
Information
Whitelisting of authorized email accounts (POP3, IMAP, EAS) prevents a user from configuring a personal email account that could be used to forward sensitive DoD data to unauthorized recipients.SFR ID: FMT_SMF_EXT.1.1 #47
NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.
Solution
Configure the Samsung Android 7 with Knox to enforce Container Account Whitelisting.On the MDM console, add all DoD-approved email domains to the "Account whitelist" setting in the "Container Accounts" rule.
Note: Recommended to add .*@mail.mil.
See Also
https://iasecontent.disa.mil/stigs/zip/U_Samsung_Android_OS_7_with_Knox_2-x_V1R1_STIG.zip
Item Details
Category: CONFIGURATION MANAGEMENT
References: 800-53|CM-6b., CAT|II, CCI|CCI-000366, Rule-ID|SV-91291r1_rule, STIG-ID|KNOX-07-014300, Vuln-ID|V-76595
Plugin: MDM
Control ID: cb854fc635addccb5341fb44837b9211f758194fc730e05ac78ad0904193858a