DISA Field Security Operations (FSO) has released the Samsung Android (with
Knox 2.x) STIG Version 1. The requirements of this STIG become effective
immediately.
All the applicable technical NIST SP 800-53 requirements were considered while
developing this STIG. Requirements that are applicable and configurable are
included in the STIG. The DoD is unable to automatically control which core
and preinstalled apps from Google, Samsung, or the carriers with an operating
system (OS) update. Some apps included in an OS update may have undesirable
features for the DoD. Approving Officials must review/vet all apps included in
any OS update to determine the risk acceptance of each app. Disapproved apps
must be disabled via the MDM.
The STIG is available at:
http://iase.disa.mil/stigs/