Samsung Android must be configured to enforce an application installation policy by specifying one or more authorized application repositories, including DOD-approved commercial app repository, management tool server, or mobile application store.
An XCCDF Rule
Description
<VulnDiscussion>Forcing all applications to be installed from authorized application repositories can prevent unauthorized and malicious applications from being installed and executed on mobile devices. Allowing such installations and executions could cause a compromise of DOD data accessible by these unauthorized/malicious applications. SFR ID: FMT_SMF_EXT.1.1 #8a</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>
- ID
- SV-255162r867423_rule
- Severity
- Medium
- References
- Updated
Remediation - Manual Procedure
Configure the Samsung Android devices to disable unauthorized application repositories.
On the management tool, in the Work profile restrictions, set "installs from unknown sources globally" to "Disallow".
Note: Google Play must not be disabled. Disabling Google Play will cause system instability and critical updates will not be received.