STIGhubSTIGhub
STIGsSearchCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 3 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to Samsung Android OS 13 with Knox 3.x COBO Security Technical Implementation Guide

V-255122

CAT II (Medium)

Samsung Android must be configured to enable authentication of personal hotspot connections to the device using a preshared key.

Rule ID

SV-255122r1134993_rule

STIG

Samsung Android OS 13 with Knox 3.x COBO Security Technical Implementation Guide

Version

V2R3

CCIs

CCI-001443, CCI-002314

Discussion

If no authentication is required to establish personal hotspot connections, an adversary may be able to use that device to perform attacks on other devices or networks without detection. A sophisticated adversary may also be able to exploit unknown system vulnerabilities to access information and computing resources on the device. Requiring authentication to establish personal hotspot connections mitigates this risk. Application note: If hotspot functionality is permitted, it must be authenticated via a preshared key. There is no requirement to enable hotspot functionality, and it is recommended this functionality be disabled by default. SFR ID: FMT_SMF_EXT.1.1 #41

Check Content

Review the configuration to determine if the Samsung Android devices are enabling authentication of personal hotspot connections to the device using a preshared key. 

This validation procedure is performed on both the management tool and the Samsung Android device.

On the management tool, in the device restrictions, verify "Configure tethering" is set to "Disallow".

On the Samsung Android device: 
1. Open Settings >> Connections.
2. Verify "Mobile Hotspot and Tethering" is grayed out.

If on the management tool "Configure tethering" is not set to "Disallow", or on the Samsung Android device "Mobile Hotspot and Tethering" is not grayed out, this is a finding.

If the deployment requires the use of Mobile Hotspot and Tethering, follow this alternative procedure:

On the management tool, in the device Wi-Fi section, verify "Unsecured hotspot" is set to "Disallow".

On the Samsung Android device: 
1. Open Settings >> Connections >> Mobile Hotspot and Tethering >> Mobile Hotspot.
2. Tap "Configure".
3. Tap the "Security" section
4. Tap option "Open" in the "Security" drop-down box.
5. If a warning message is displayed, tap "Continue".
6. Verify "Save" is disabled.

If on the management tool "Unsecured hotspot" is not set to "Disallow", or on the Samsung Android device "Open" can be selected in the "Security" drop-down box and the configuration can be saved, this is a finding.

Fix Text

Configure the Samsung Android devices to enable authentication of personal hotspot connections to the device using a preshared key.

On the management tool, in the device restrictions, set "Configure tethering" to "Disallow".

If the deployment requires the use of Mobile Hotspot and Tethering, KPE policy can be used to allow its usage in a STIG-approved configuration. In this case, do not configure the policy above, and instead:

On the management tool, in the device Wi-Fi section, set "Unsecured hotspot" to "Disallow" and add Training Topic "Don't use Wi-Fi Sharing" (see supplemental document for additional information).