The Samsung Android 7 with Knox must be configured to disable multi-user modes.

From Samsung Android OS 7 with Knox 2.x Security Technical Implementation Guide

Part of PP-MDF-301280

Associated with: CCI-000366 CCI-002110

SV-91265r1_rule The Samsung Android 7 with Knox must be configured to disable multi-user modes.

Vulnerability discussion

Multi-user mode allows multiple users to share a mobile device by providing a degree of separation between user data. To date, no mobile device with multi-user mode features meets DoD requirements for access control, data separation, and non-repudiation for user accounts. In addition, the MDFPP does not include design requirements for multi-user account services. Disabling multi-user mode mitigates the risk of not meeting DoD multi-user account security policies.SFR ID: FMT_SMF_EXT.1.1 #47b

Check content

Review documentation on the Samsung Android 7 with Knox and inspect the configuration on the Samsung Android 7 with Knox to disable multi-user modes. Note: This requirement is only applicable for tablet devices. This validation procedure is performed on both the Samsung Android 7 with Knox device. On the MDM console, do the following: 1. Ask the MDM administrator to display the "Allow multi-user mode" checkbox in the "Android Restrictions" rule. 2. Verify the checkbox is not selected. On the Samsung Android 7 with Knox device, do the following: 1. Open the device settings. 2. Attempt to add a user in the "User" setting. 3. Verify that the "User" setting is not available. If the MDM console "Allow multi-user mode" checkbox is selected or on the Samsung Android 7 with Knox device, the user is able to add a user, this is a finding.

Fix text

Configure the Samsung Android 7 with Knox to disable multi-user modes. On the MDM console, deselect the "Allow multi-user mode" setting in the "Android MultiUser" rule. Note: This requirement is only applicable for tablet devices.

Pro Tips

Lavender hyperlinks in small type off to the right (of CSS class id, if you view the page source) point to globally unique URIs for each document and item. Copy the link location and paste anywhere you need to talk unambiguously about these things.

You can obtain data about documents and items in other formats. Simply provide an HTTP header Accept: text/turtle or Accept: application/rdf+xml.

Powered by sagemincer