Samsung Android 16 STIG Compliance Checklist (Y25M08)
Medium · 17 items · 4 hours · testuser · Published 1 month ago
This checklist helps IT and security teams implement the Samsung Android 16 STIG (Y25M08) for managed devices. It covers enrollment, baseline settings, biometric rules, and network and app controls for COPE/COBO deployments.
- Verify device OS version is Samsung Android 16 — Confirm build number and patch level match STIG requirements.
- Ensure device management uses Android Enterprise (AE) — AE is the supported management model for this STIG; do not use Device Admin.
- Enroll devices using Knox Mobile Enrollment (KME) or AE zero-touch — Use bulk enrollment to ensure consistent, managed configurations.
- Set up Knox Mobile Enrollment (KME) account and upload device list — Register devices in KME and bind to your EMM for COPE/COBO fleets.
- Configure AE zero-touch enrollment in your EMM — Enable zero-touch provisioning if not using KME for bulk enrollment.
- Configure STIG baseline security settings per Samsung Android 16 STIG — Apply the recommended security controls and configuration baselines.
- Apply Knox policies where AE policies can't be used — Use Knox to augment AE and cover gaps in enterprise policy support.
- Restrict deployment to COPE or COBO use cases — Do not enroll BYOD or CYOD devices under this STIG scope.
- Configure the personal profile per STIG supplemental (Section 5.3.1) — Allow personal apps/data only with AO approval and imposed restrictions.
- Authorize fingerprint biometric for device and workspace unlock (with AO approval) — Fingerprint is allowed with AO approval; other biometrics are not approved.
- Disable unsupported biometric methods (facial recognition, trust agents) — Remove or disable non-approved biometric modalities per STIG.
- Ensure Wi‑Fi networks comply with the Network Infrastructure STIG before connecting devices — Verify wireless infrastructure conforms to relevant STIG requirements.
- Restrict installation of personal apps without AO approval for COPE devices — Implement controls to block or require approval before installs.
- Review Common Criteria evaluation status for fingerprint biometric on Android 16 — Confirm fingerprint evaluation results and re-review during CC updates.
- Obtain the STIG and supplemental documents from DoD Cyber Exchange or public.cyber.mil — Download the latest STIG and supplemental guidance for reference.
- Document configuration changes and submit comments/revisions to DISA via email — Send proposed revisions or questions to DISA at the published address.
- Track compliance with DoDI 8500.01 and record testing/approvals — Maintain audit records and approval evidence for compliance reviews.