← Back to Samsung Android 15 MDFPP 3.3 BYOAD Security Technical Implementation Guide

V-272598

CAT II (Medium)

Samsung Android must be configured to not allow backup of all applications, configuration data to remote systems. (This requirement applies to the Work Profile for COPE or BYOAD.) - Disable Data Sync Framework.

Rule ID

SV-272598r1137819_rule

STIG

Samsung Android 15 MDFPP 3.3 BYOAD Security Technical Implementation Guide

Version

V1R3

CCIs

CCI-001090

Discussion

Backups to remote systems (including cloud backup) can leave data vulnerable to breach on the external systems, which often offer less protection than the MOS. Where the remote backup involves a cloud-based solution, the backup capability is often used to synchronize data across multiple devices. In this case, DOD devices may synchronize DOD sensitive information to a user's personal device or other unauthorized computers that are vulnerable to breach. The Data Sync Framework allows apps to synchronize data between the mobile device and other web-based services. This uses accounts for services the user has added to the mobile device. Preventing the user from adding accounts to the device mitigates this risk. For COPE/BYOAD (work profile) data cannot be backed up remotely via Backup Services. Work (profile) data could be backed up through adding an account to an app that supports the data sync framework; however, this is mitigated by preventing adding any accounts to the Work profile. SFR ID: FMT_SMF_EXT.1.1 #40 SFR ID: FMT_SMF.1.1 #40

Check Content

Verify requirement KNOX-15-709200 (disallow modify accounts) has been implemented.

If "disallow modify accounts" has not been implemented, this is a finding.

Fix Text

Disallow modify accounts (refer to requirement KNOX-15-709200).