Skip to content

III - Administrative Public

Rules and Groups employed by this XCCDF Profile

  • PP-MDF-323260

    <GroupDescription></GroupDescription>
    Group
  • Samsung Android must be configured to enable authentication of personal hotspot connections to the device using a pre-shared key.

    &lt;VulnDiscussion&gt;If no authentication is required to establish personal hotspot connections, an adversary may be able to use that device to pe...
    Rule Medium Severity
  • PP-MDF-990000

    <GroupDescription></GroupDescription>
    Group
  • Samsung Android must be configured to disallow configuration of the device's date and time.

    &lt;VulnDiscussion&gt;Determining the correct time a particular application event occurred on a system is critical when conducting forensic analysi...
    Rule Medium Severity
  • PP-MDF-990000

    <GroupDescription></GroupDescription>
    Group
  • Samsung Android must have the DOD root and intermediate PKI certificates installed.

    &lt;VulnDiscussion&gt;DOD root and intermediate PKI certificates are used to verify the authenticity of PKI certificates of users and web services....
    Rule Medium Severity
  • PP-MDF-323060

    <GroupDescription></GroupDescription>
    Group
  • Samsung Android must be configured to enforce an application installation policy by specifying an application allowlist that restricts applications by the following characteristics: Names.

    &lt;VulnDiscussion&gt;The application allowlist, in addition to controlling the installation of applications on the MD, must control user access/ex...
    Rule Medium Severity
  • PP-MDF-323070

    <GroupDescription></GroupDescription>
    Group
  • Samsung Android must be configured to not allow installation of applications with the following characteristics: - Back up MD data to non-DOD cloud servers (including user and application access to cloud backup services); - Transmit MD diagnostic data to non-DOD servers; - Voice assistant application if available when MD is locked; - Voice dialing application if available when MD is locked; - Allows synchronization of data or applications between devices associated with user; and - Allows unencrypted (or encrypted but not FIPS 140-2 validated) data sharing with other MDs or printers.

    &lt;VulnDiscussion&gt;Requiring all authorized applications to be in an application allowlist prevents the execution of any applications (e.g., una...
    Rule Medium Severity

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules