From Samsung Android OS 8 with Knox 3.x COPE Use Case Security Technical Implementation Guide
Part of PP-MDF-991000
Associated with: CCI-000366
A CRL allows a certificate issuer to revoke a certificate for any reason, including improperly issued certificates and compromise of the private keys. Checking the revocation status of the certificate mitigates the risk associated with using a compromised certificate.
Review Samsung Android 8 with Knox CONTAINER configuration settings to determine if the mobile device is configured to enable a Certificate Revocation Status (CRL) Check. This validation procedure is performed on the MDM Administration Console only. On the MDM CONTAINER console, do the following: 1. Ask the MDM Administrator to display the package list in the "Certificate Revocation Check (CRL)" settings in the "Android Certificate" rule. 2. Verify the string is "*" (asterisk). 3. Ask the MDM Administrator to display the enable check box in the "Certificate Revocation Check (CRL)" settings in the "Android Certificate" rule. 4. Verify the check box is selected. If the MDM console "Certificate Revocation Check (CRL)" settings are not enabled for all packages, this is a finding.
Configure the Samsung Android 8 with Knox CONTAINER to enable a Certificate Revocation Status (CRL) Check. On the MDM CONTAINER console, do the following: 1. Enter the string "*" (asterisk) in the package list in the "Certificate Revocation Check (CRL)" settings in the "Android Certificate" rule. 2. Select the enable check box in the "Certificate Revocation Check (CRL)" settings in the "Android Certificate" rule.
Lavender hyperlinks in small type off to the right (of CSS
class id, if you view the page source) point to
globally unique URIs for each document and item. Copy the
link location and paste anywhere you need to talk
unambiguously about these things.
You can obtain data about documents and items in other
formats. Simply provide an HTTP header Accept:
text/turtle or
Accept: application/rdf+xml.
Powered by sagemincer