V-276661

CAT III (Low)

Samsung Android must not accept the certificate when it cannot establish a connection to determine the validity of a certificate.

Rule ID

SV-276661r1139505_rule

STIG

Samsung Android 16 COPE Security Technical Implementation Guide

Version

V1R2

CCIs

CCI-000185

Discussion

Certificate-based security controls depend on the ability of the system to verify the validity of a certificate. If the MOS were to accept an invalid certificate, it could take unauthorized actions, resulting in unanticipated outcomes. At the same time, if the MOS were to disable functionality when it could not determine the validity of the certificate, this could result in a denial of service. Therefore, the ability to provide exceptions is appropriate to balance the tradeoff between security and functionality. Always accepting certificates when they cannot be determined to be valid is the most extreme exception policy and is not appropriate in the DOD context. Involving an Administrator or user in the exception decision mitigates this risk to some degree.

SFR ID: FIA_X509_EXT_2.2

Check Content

Verify requirement KNOX-16-009300 (Common Criteria mode) has been implemented.

If "Common Criteria mode" has not been implemented, this is a finding.

Fix Text

Implement "Common Criteria mode" (refer to requirement KNOX-16-009300).

API: setCommonCriteriaModeEnabled