
Samsung Android 15 MDFPP 3.3 BYOAD Security Technical Implementation Guide

Version: V1R3
Release Date: Feb 13, 2026
SCAP Benchmark ID: SS_Android_15_MDFPP_BYOAD
Total Checks: 29
Tags: mobile
CAT I: 2, CAT II: 24, CAT III: 3

This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DOD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil.


Checks (29)

  • V-272525 (LOW): Samsung Android 15 must prohibit DOD VPN profiles in the Personal Profile.
  • V-272528 (MEDIUM): Samsung Android must be configured to enable a screen-lock policy that will lock the display after a period of inactivity - Disable trust agents.
  • V-272529 (MEDIUM): Samsung Android must be configured to lock the display after 15 minutes (or less) of inactivity.
  • V-272576 (MEDIUM): Samsung Android must be configured to enforce a minimum password length of six characters.
  • V-272577 (MEDIUM): Samsung Android must be configured to not allow passwords that include more than four repeating or sequential characters.
  • V-272578 (MEDIUM): Samsung Android must be configured to not allow more than 10 consecutive failed authentication attempts.
  • V-272579 (MEDIUM): Samsung Android must be configured to enforce an application installation policy by specifying one or more authorized application repositories, including DOD-approved commercial app repository, management tool server, or mobile application store.
  • V-272580 (MEDIUM): The Samsung Android Work environment must be configured to enforce an application installation policy by specifying an application allowlist that restricts applications by the following characteristics: Names.
  • V-272581 (MEDIUM): The Samsung Android Work environment must be configured to not allow installation of applications with the following characteristics: - Back up MD data to non-DOD cloud servers (including user and application access to cloud backup services); - Transmit MD diagnostic data to non-DOD servers; - Voice assistant application if available when MD is locked; - Voice dialing application if available when MD is locked; - Allows synchronization of data or applications between devices associated with user; and - Allows unencrypted (or encrypted but not FIPS 140-2/140-3 validated) data sharing with other MDs or printers. - Apps that backup their own data to a remote system.
  • V-272582 (MEDIUM): The Samsung Android 15 allowlist must be configured to not include artificial intelligence (AI) applications that process device data in the cloud, including Google Gemini.
  • V-272583 (MEDIUM): Samsung Android must be configured to not display the following (Work Environment) notifications when the device is locked: All notifications.
  • V-272586 (MEDIUM): Samsung Android must be configured to disable authentication mechanisms providing user access to protected data other than a Password Authentication Factor: Face recognition.
  • V-272591 (LOW): Samsung Android must be configured to display the DOD advisory warning message at startup or each time the user unlocks the device.
  • V-272598 (MEDIUM): Samsung Android must be configured to not allow backup of all applications, configuration data to remote systems. (This requirement applies to the Work Profile for COPE or BYOAD.) - Disable Data Sync Framework.
  • V-272602 (MEDIUM): Samsung Android's Work profile must be configured to disable exceptions to the access control policy that prevent application processes and groups of application processes from accessing all data stored by other application processes and groups of application processes.
  • V-272609 (MEDIUM): Samsung Android's Work environment must allow only the Administrator (management tool) to perform the following management function: Install/remove DOD root and intermediate PKI certificates.
  • V-272610 (MEDIUM): Samsung Android must be enrolled as a BYOD device.
  • V-272612 (MEDIUM): Samsung Android's Work profile must have the DOD root and intermediate PKI certificates installed.
  • V-272614 (MEDIUM): Samsung Android's Work environment must be configured to prevent users from adding personal email accounts to the work email app.
  • V-272616 (MEDIUM): Samsung Android device users must complete required training.
  • V-272617 (HIGH): The Samsung Android device must have the latest available Samsung Android operating system (OS) installed.
  • V-272618 (MEDIUM): The Samsung Android device must be configured to enable Certificate Revocation List (CRL) status checking.
  • V-272620 (MEDIUM): The Samsung Android device work profile must be configured to enforce the system application disable list.
  • V-272622 (MEDIUM): The Samsung Android device work profile must be configured to disable automatic completion of workspace internet browser text input.
  • V-272623 (MEDIUM): The Samsung Android device work profile must be configured to disable the autofill services.
  • V-272624 (LOW): The Samsung Android device must be configured to disable the use of third-party keyboards.
  • V-277023 (MEDIUM): Samsung Android 15 BYOAD devices must have a Mobile Threat Detection (MTD) app installed.
  • V-277025 (MEDIUM): Samsung Android 15 BYOAD devices must have a Mobile Threat Detection (MTD) app installed.
  • V-282962 (HIGH): All Samsung Android 15 BYOAD installations must be removed.