Skip to content
Log In

I - Mission Critical Public

Rules and Groups employed by this XCCDF Profile

  • PP-MDF-990000

    Group
    Show

  • Samsung Android's Work profile must be configured to enable audit logging.

    Audit logs enable monitoring of security-relevant events and subsequent forensics when breaches occur. They help identify attacks so that breaches can either be prevented or limited in their scope....
    Rule Medium Severity
    Show

  • PP-MDF-990000

    Group
    Show

  • Samsung Android's Work profile must be configured to prevent users from adding personal email accounts to the work email app.

    If the user is able to add a personal email account (POP3, IMAP, EAS) to the work email app, it could be used to forward sensitive DOD data to unauthorized recipients. Restricting email account add...
    Rule Medium Severity
    Show

  • PP-MDF-323250

    Group
    Show

  • Samsung Android's Work profile must be configured to not allow backup of all applications, configuration data to remote systems. - Disable Data Sync Framework.

    Backups to remote systems (including cloud backup) can leave data vulnerable to breach on the external systems, which often offer less protection than the MOS. Where the remote backup involves a cl...
    Rule Medium Severity
    Show

  • PP-MDF-323280

    Group
    Show

  • Samsung Android's Work profile must be configured to disable exceptions to the access control policy that prevent application processes, and groups of application processes from accessing all data stored by other application processes, and groups of application processes.

    App data sharing gives apps the ability to access the data of other apps for enhanced user functionality. However, sharing also poses a significant risk that unauthorized users or apps will obtain ...
    Rule Medium Severity
    Show

  • PP-MDF-323350

    Group
    Show

  • Samsung Android's Work profile must allow only the Administrator (management tool) to perform the following management function: Install/remove DOD root and intermediate PKI certificates.

    DOD root and intermediate PKI certificates are used to verify the authenticity of PKI certificates of users and web services. If the user is allowed to remove root and intermediate certificates, th...
    Rule Medium Severity
    Show

  • PP-MDF-323050

    Group
    Show

  • Samsung Android must be configured to enforce an application installation policy by specifying one or more authorized application repositories, including DOD-approved commercial app repository, management tool server, or mobile application store.

    Forcing all applications to be installed from authorized application repositories can prevent unauthorized and malicious applications from being installed and executed on mobile devices. Allowing s...
    Rule Medium Severity
    Show

  • PP-MDF-990000

    Group
    Show

  • Samsung Android's Work profile must be configured to enable Common Criteria (CC) mode.

    The CC Mode feature is a superset of other features and behavioral changes that are mandatory MDFPP requirements. If CC mode is not implemented the device will not be operating in the NIAP-certifie...
    Rule Low Severity
    Show

  • PP-MDF-321080

    Group
    Show

  • Samsung Android must not accept the certificate when it cannot establish a connection to determine the validity of a certificate.

    Certificate-based security controls depend on the ability of the system to verify the validity of a certificate. If the MOS were to accept an invalid certificate, it could take unauthorized actions...
    Rule Low Severity
    Show

  • PP-MDF-990000

    Group
    Show

  • Samsung Android device users must complete required training.

    The security posture of Samsung devices requires the device user to configure several required policy rules on their device. User Based Enforcement (UBE) is required for these controls. In addition...
    Rule Medium Severity
    Show

  • PP-MDF-990000

    Group
    Show

  • The Samsung Android device must have the latest available Samsung Android operating system (OS) installed.

    Required security features are not available in earlier OS versions. In addition, earlier versions may have known vulnerabilities. SFR ID: FMT_MOF_EXT.1.2 #47
    Rule High Severity
    Show

Node 2

siemur/test-space

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules