Samsung Android 8 with Knox must be configured to disable multi-user modes.

From Samsung Android OS 8 with Knox 3.x COPE Use Case Security Technical Implementation Guide

Part of PP-MDF-301280

Associated with: CCI-000366 CCI-002110

SV-95049r1_rule Samsung Android 8 with Knox must be configured to disable multi-user modes.

Vulnerability discussion

Multi-user mode allows multiple users to share a mobile device by providing a degree of separation between user data. To date, no mobile device with multi-user mode features meets DoD requirements for access control, data separation, and non-repudiation for user accounts. In addition, the MDFPP does not include design requirements for multi-user account services. Disabling multi-user mode mitigates the risk of not meeting DoD multi-user account security policies.

SFR ID: FMT_SMF_EXT.1.1 #47b

Check content

Note: This requirement is only applicable for tablet devices.

Review documentation on Samsung Android 8 with Knox and inspect the configuration on Samsung Android 8 with Knox to disable multi-user modes.

This validation procedure is performed on the Samsung Android 8 with Knox device.

On the MDM console, do the following:
1. Ask the MDM Administrator to display the "Allow multi-user mode" check box in the "Android Restrictions" rule.
2. Verify the check box is not selected.

On the Samsung Android 8 with Knox device, do the following:
1. Open the device settings.
2. Attempt to add a user in the "User" setting.
3. Verify that the "User" setting is not available.

If the MDM console "Allow multi-user mode" check box is selected, or if the user is able to add a user on the Samsung Android 8 with Knox device, this is a finding.

Fix text

Note: This requirement is only applicable for tablet devices. Configure the Samsung Android 8 with Knox to disable multi-user modes. On the MDM console, deselect the "Allow multi-user mode" setting in the "Android MultiUser" rule.
