The Samsung Android device must be configured to enforce that Wi-Fi Sharing is disabled.

Severity	Group ID	Group Title	Version	Rule ID	Date	STIG Version
medium	V-276550	PP-MDF-993300	KNOX-16-009700	SV-276550r1140696_rule	2025-09-22	1

Description
Wi-Fi Sharing is an optional configuration of Wi-Fi Tethering/Mobile Hotspot, which allows the device to share its Wi-Fi connection with other wirelessly connected devices instead of its mobile (cellular) connection. Wi-Fi Sharing grants the "other" device access to a corporate Wi-Fi network and may possibly bypass the network access control mechanisms. This risk can be partially mitigated by requiring the use of a preshared key for personal hotspots. SFR ID: FMT_SMF.1.1 #47

Description

Wi-Fi Sharing is an optional configuration of Wi-Fi Tethering/Mobile Hotspot, which allows the device to share its Wi-Fi connection with other wirelessly connected devices instead of its mobile (cellular) connection. Wi-Fi Sharing grants the "other" device access to a corporate Wi-Fi network and may possibly bypass the network access control mechanisms. This risk can be partially mitigated by requiring the use of a preshared key for personal hotspots. SFR ID: FMT_SMF.1.1 #47

ℹ️ Check
Review device configuration settings to confirm Wi-Fi Sharing is disabled. Mobile Hotspot must be enabled to enable Wi-Fi Sharing. If the authorizing official (AO) has not approved Mobile Hotspot, and it has been verified as disabled on the EMM console, no further action is needed. If Mobile Hotspot is being used, use the following procedure to verify Wi-Fi Sharing is disabled: This is a "User-Based Enforcement (UBE)" control. Check a sample of Samsung phones at the site and verify that the mobile hotspot Wi-Fi sharing option is toggled to "Off". - Go to Settings >> Connections >> Mobile Hotspot and Tethering >> Mobile Hotspot. - Tap "Network name". - Tap "Advanced". - Verify "Wi-Fi sharing" is toggled off or the option is disabled. If the Wi-Fi sharing is not set to disabled, this is a finding. On the EMM console: COBO: 1. Open "Set user restrictions". 2. Verify "Disallow sharing admin configured Wi-Fi" is toggled to "ON". COPE: 1. Open "Set user restrictions on parent". 2. Verify "Disallow sharing admin configured Wi-Fi" it toggled to "ON". If on the EMM console, "Disallow sharing admin configured Wi-Fi" is not enabled, this is a finding.

ℹ️ Check

Review device configuration settings to confirm Wi-Fi Sharing is disabled. Mobile Hotspot must be enabled to enable Wi-Fi Sharing. If the authorizing official (AO) has not approved Mobile Hotspot, and it has been verified as disabled on the EMM console, no further action is needed. If Mobile Hotspot is being used, use the following procedure to verify Wi-Fi Sharing is disabled: This is a "User-Based Enforcement (UBE)" control. Check a sample of Samsung phones at the site and verify that the mobile hotspot Wi-Fi sharing option is toggled to "Off". - Go to Settings >> Connections >> Mobile Hotspot and Tethering >> Mobile Hotspot. - Tap "Network name". - Tap "Advanced". - Verify "Wi-Fi sharing" is toggled off or the option is disabled. If the Wi-Fi sharing is not set to disabled, this is a finding. On the EMM console: COBO: 1. Open "Set user restrictions". 2. Verify "Disallow sharing admin configured Wi-Fi" is toggled to "ON". COPE: 1. Open "Set user restrictions on parent". 2. Verify "Disallow sharing admin configured Wi-Fi" it toggled to "ON". If on the EMM console, "Disallow sharing admin configured Wi-Fi" is not enabled, this is a finding.

✔️ Fix
Configure the Samsung Android 16 device to disable Wi-Fi Sharing. Mobile Hotspot must be enabled to enable Wi-Fi Sharing. If the AO has not approved Mobile Hotspot, and it has been disabled on the EMM console, no further action is needed. If Mobile Hotspot is being used, then use the following procedure and "User-Based Enforcement (UBE)" control: Train users to disable/not enable Samsung Wi-Fi Sharing. Refer to STIG requirement KNOX-16-009700. - Go to Settings >> Connections >> Mobile Hotspot and Tethering >> Mobile Hotspot. - Tap "Network name". - Tap "Advanced". - Verify "Wi-Fi sharing" is toggled off or the option is disabled. On the EMM console: COBO: 1. Open "Set user restrictions". 2. Toggle "Disallow sharing admin configured Wi-Fi" to "ON". COPE: 1. Open "Set user restrictions on parent". 2. Toggle "Disallow sharing admin configured Wi-Fi" to "ON". On COBO devices, KPE policy can be used to configure this setting without "User-Based Enforcement (UBE)" control, by setting the "Allow Wi-Fi Sharing" option in KSP to disable. API: DISALLOW_SHARING_ADMIN_CONFIGURED_WIFI

✔️ Fix

Configure the Samsung Android 16 device to disable Wi-Fi Sharing. Mobile Hotspot must be enabled to enable Wi-Fi Sharing. If the AO has not approved Mobile Hotspot, and it has been disabled on the EMM console, no further action is needed. If Mobile Hotspot is being used, then use the following procedure and "User-Based Enforcement (UBE)" control: Train users to disable/not enable Samsung Wi-Fi Sharing. Refer to STIG requirement KNOX-16-009700. - Go to Settings >> Connections >> Mobile Hotspot and Tethering >> Mobile Hotspot. - Tap "Network name". - Tap "Advanced". - Verify "Wi-Fi sharing" is toggled off or the option is disabled. On the EMM console: COBO: 1. Open "Set user restrictions". 2. Toggle "Disallow sharing admin configured Wi-Fi" to "ON". COPE: 1. Open "Set user restrictions on parent". 2. Toggle "Disallow sharing admin configured Wi-Fi" to "ON". On COBO devices, KPE policy can be used to configure this setting without "User-Based Enforcement (UBE)" control, by setting the "Allow Wi-Fi Sharing" option in KSP to disable. API: DISALLOW_SHARING_ADMIN_CONFIGURED_WIFI