From Samsung Android OS 8 with Knox 3.x COPE Use Case Security Technical Implementation Guide
Part of PP-MDF-301200
Associated with: CCI-000048
The Samsung Android 8 with Knox is required to display the DoD-approved system use notification message or banner before granting access to the system that provides privacy and security notices consistent with applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance. Required banners help ensure that DoD can audit and monitor the activities of mobile device users without legal restriction.
The DoD warning banner can be displayed by either of the following methods (required text is found in the Vulnerability Discussion): 1. By placing the DoD warning banner text in the user agreement signed by each Samsung device user (preferred method) 2. By configuring the required banner text on the MDM console and pushing the security policy with the banner to each managed device Determine which method is used at the Samsung device site and follow the appropriate validation procedure below. Validation Procedure for Method #1: Review the signed user agreements for several Samsung device users and verify the agreement includes the required DoD warning banner text. Validation Procedure for Method #2: This validation procedure is performed on both the MDM Administration Console and the Samsung Android 8 with Knox device. On the MDM console, do the following: 1. Ask the MDM Administrator to display the "Banner Text" field in the "DoD Banner" settings in the "Android Security" rule. 2. Verify the correct DoD-specified warning text is displayed in the Banner Text field or the field is blank. 3. Ask the MDM Administrator to display the enable check box in the "DoD Banner" settings in the "Android Security" rule. 4. Verify the check box is selected. On the Samsung Android 8 with Knox device, do the following: 1. Reboot the device. 2. Verify the device displays the DoD banner. 3. Verify the DoD banner is set to one of the authorized messages. If for Method #1, the required warning banner text is not on all signed user agreements reviewed, this is a finding. If for Method #2, the MDM console "DoD Banner" enable check box is not selected, or the "Banner Text" is not set to the appropriate designated wording, or the Samsung Android 8 with Knox device does not display a warning banner with the appropriate designated wording when rebooted, this is a finding.
Configure the DoD warning banner by either of the following methods (required text is found in the Vulnerability Discussion): 1. Place the DoD warning banner text in the user agreement signed by each Samsung device user. 2. Configure Samsung Android 8 with Knox to display the DoD-mandated warning banner text. On the MDM console, do the following: 1. Enter the correct text in the "Banner Text" field in the "DoD Banner" settings in the "Android Security" rule. 2. Select the "Enable" check box in the "DoD Banner" settings in the "Android Security" rule. Note: If enabled without configuring the "Banner Text", the device will display a default text that matches the required DoD banner. Note: On some MDM vendor consoles, the logon banner automatically is displayed upon reboot while the device is MDM enrolled. On these consoles, this control is not configurable through the MDM server or on the device.
Lavender hyperlinks in small type off to the right (of CSS
class id
, if you view the page source) point to
globally unique URIs for each document and item. Copy the
link location and paste anywhere you need to talk
unambiguously about these things.
You can obtain data about documents and items in other
formats. Simply provide an HTTP header Accept:
text/turtle
or
Accept: application/rdf+xml
.
Powered by sagemincer