
Samsung Android 16 COPE Security Technical Implementation Guide

Version: V1R2
Release Date: Feb 11, 2026
SCAP Benchmark ID: U_SS_Android_16_COPE_STIG
Total Checks: 48
Tags: mobile
CAT I: 2, CAT II: 37, CAT III: 9

This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DOD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil.


Checks (48)

  • V-276640 (LOW): Samsung Android 16 must disable the use of assistants (including Samsung Assistant) unless required to meet Section 508 compliance requirements.
  • V-276641 (MEDIUM): The Samsung Android device work profile must be configured to disable the autofill services.
  • V-276642 (LOW): Samsung Android must be configured to disable all Bluetooth profiles except for Headset Profile (HSP), Hands-Free Profile (HFP), Serial Port Profile (SPP), Advanced Audio Distribution Profile (A2DP), Audio/Video Remote Control Profile (AVRCP), and Phone Book Access Profile (PBAP).
  • V-276643 (MEDIUM): Samsung Android's Work profile must allow only the Administrator (management tool) to perform the following management function: Install/remove DOD root and intermediate PKI certificates.
  • V-276644 (MEDIUM): Samsung Android must be configured to disallow configuration of the device's date and time.
  • V-276645 (MEDIUM): Samsung Android must be configured to enable authentication of personal hotspot connections to the device using a preshared key.
  • V-276646 (MEDIUM): Samsung Android's Work profile must be configured to disable exceptions to the access control policy that prevent application processes and groups of application processes from accessing all data stored by other application processes and groups of application processes.
  • V-276647 (MEDIUM): Samsung Android must be configured to disable developer modes.
  • V-276648 (MEDIUM): Samsung Android 16 must disable the ability of the user to wipe the device.
  • V-276649 (MEDIUM): Samsung Android must be configured to enforce an application installation policy by specifying one or more authorized application repositories, including DOD-approved commercial app repository, management tool server, or mobile application store.
  • V-276650 (MEDIUM): Samsung Android must be configured to not allow backup of all applications and configuration data to remote systems. (This requirement applies to the Work Profile for COPE.) - Disable Data Sync Framework.
  • V-276651 (MEDIUM): Samsung Android's Work profile must be configured to prevent users from adding personal email accounts to the work email app.
  • V-276652 (HIGH): Samsung Android must be configured to enable encryption for data at rest on removable storage media or, alternately, the use of removable storage media must be disabled.
  • V-276653 (LOW): Samsung Android 16 must disable wireless printing.
  • V-276654 (MEDIUM): Samsung Android must be configured to disable USB mass storage mode.
  • V-276655 (MEDIUM): Samsung Android must be configured to not allow backup of all applications and configuration data to locally connected systems.
  • V-276656 (MEDIUM): Samsung Android must be configured to disable ad hoc wireless client-to-client connection capability.
  • V-276657 (MEDIUM): The Samsung Android device must be configured to enforce that Wi-Fi Sharing is disabled.
  • V-276658 (MEDIUM): Samsung Android's Work profile must have the DOD root and intermediate PKI certificates installed.
  • V-276659 (MEDIUM): The Samsung Android device work profile must be configured to enforce the system application disable list.
  • V-276660 (MEDIUM): The Samsung Android device work profile must be configured to disable automatic completion of work space internet browser text input.
  • V-276661 (LOW): Samsung Android must not accept the certificate when it cannot establish a connection to determine the validity of a certificate.
  • V-276662 (LOW): Samsung Android's Work profile must be configured to enable Common Criteria (CC) mode.
  • V-276663 (LOW): Samsung Android must be configured to display the DOD advisory warning message at startup or each time the user unlocks the device.
  • V-276664 (MEDIUM): Samsung Android must be configured to disable authentication mechanisms providing user access to protected data other than a Password Authentication Factor: Face recognition.
  • V-276665 (MEDIUM): Samsung Android must be configured to enable a screen-lock policy that will lock the display after a period of inactivity - Disable trust agents.
  • V-276666 (MEDIUM): Samsung Android must be configured to not display the following (Work Environment) notifications when the device is locked: All notifications.
  • V-276667 (MEDIUM): Samsung Android must be configured to not allow more than 10 consecutive failed authentication attempts.
  • V-276668 (MEDIUM): Samsung Android must be configured to lock the display after 15 minutes (or less) of inactivity.
  • V-276669 (LOW): The Samsung Android device must be configured to perform the following management function: Disable Phone Hub.
  • V-276670 (MEDIUM): Samsung Android must be configured to enforce a minimum password length of six characters.
  • V-276671 (MEDIUM): Samsung Android must be configured to not allow passwords that include more than four repeating or sequential characters.
  • V-276672 (LOW): The Samsung Android device must be configured to disable the use of third-party keyboards.
  • V-276673 (LOW): Samsung Android 16 must disable screen capture.
  • V-276674 (MEDIUM): Samsung Android's Work profile must be configured to enable audit logging.
  • V-276675 (MEDIUM): The Samsung Android device must be configured to disable all data signaling over [assignment: list of externally accessible hardware ports (for example, USB)].
  • V-276676 (MEDIUM): The Samsung Android device must be configured to enable Certificate Revocation List (CRL) status checking.
  • V-276677 (MEDIUM): Samsung Android allowlist must be configured to not include artificial intelligence (AI) applications that process device data in the cloud, including Google Gemini.
  • V-276722 (MEDIUM): Samsung Android's Work profile must be configured to enforce an application installation policy by specifying an application allowlist that restricts applications by the following characteristics: Names.
  • V-276723 (MEDIUM): Samsung Android's Work profile must be configured to not allow installation of applications with the following characteristics: - Back up MD data to non-DOD cloud servers (including user and application access to cloud backup services); - Transmit MD diagnostic data to non-DOD servers; - Voice assistant application if available when MD is locked; - Voice dialing application if available when MD is locked; - Allows synchronization of data or applications between devices associated with user; and - Allows unencrypted (or encrypted but not FIPS 140-2/140-3-validated) data sharing with other MDs or printers. - Apps that backup their own data to a remote system. - Apps that render TV shows and movies.
  • V-276739 (MEDIUM): Samsung Android must be enrolled as a COPE device.
  • V-276740 (MEDIUM): Samsung Android device users must complete required training.
  • V-276741 (HIGH): The Samsung Android device must have the latest available Samsung Android operating system (OS) installed.
  • V-276742 (MEDIUM): The Samsung Android device must be provisioned as a fully managed device and configured to create a work profile.
  • V-276743 (MEDIUM): Samsung Android 16 devices must have a Mobile Threat Detection (MTD) app installed.
  • V-276744 (MEDIUM): Samsung Android 16 must implement the management setting: disable Camera.
  • V-279246 (MEDIUM): Samsung Android 16 must implement the management setting: disable the Bluetooth radio.
  • V-279247 (MEDIUM): The Samsung Android device must be configured to disable Wi-Fi Aware for Work Profile apps.