From Samsung Android OS 6 (with KNOX 2.x) Security Technical Implementation Guide
Part of PP-MDF-201030
Associated with: CCI-000366
By default, the enterprise administrator will install and enroll MDM on the device's owner user space. Since some policies configured by the MDM will only apply to the owner space, the user can bypass some of these policies by creating and switching to a guest user space. This can potentially result in compromise of the device and DoD data via installation of malicious applications. Disabling this feature will mitigate this risk.
This validation procedure is performed on both the MDM Administration Console and the Samsung KNOX for Android device. Check whether the appropriate setting is configured on the MDM Administration Console: 1. Ask the MDM administrator to display the "Allow multi-user mode" settings in the "Android Restrictions" rule. 2. Verify the setting is disabled. On the Samsung KNOX for Android device: 1. Open the device settings. 2. Attempt to add a user in the "User" setting. 3. Verify that the "User" setting is not available. If the "Allow multi-user mode" setting is enabled, or if the user is able to add a user, this is a finding.
Configure the mobile operating system to disable multi-user modes. On the MDM Administration Console, disable the "Allow multi-user mode" setting in the "Android Restrictions" rule. Note: This requirement is only applicable for tablet devices.
Lavender hyperlinks in small type off to the right (of CSS
class id, if you view the page source) point to
globally unique URIs for each document and item. Copy the
link location and paste anywhere you need to talk
unambiguously about these things.
You can obtain data about documents and items in other
formats. Simply provide an HTTP header Accept:
text/turtle or
Accept: application/rdf+xml.
Powered by sagemincer