STIGQter: STIG Summary: Samsung Android OS 9 with Knox 3.x COBO Use Case KPE(Legacy) Deployment Security Technical Implementation Guide Version: 1 Release: 4 Benchmark Date: 24 Jul 2020:

Samsung Android must be configured to enforce that Secure Startup is enabled. This requirement is Not Applicable (NA) to Galaxy S10 (or newer) devices.

DISA Rule

SV-103723r1_rule

Vulnerability Number

V-93637

Group Title

PP-MDF-991000

Rule Version

KNOX-09-001425

Severity

CAT II

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

Configure Samsung Android to enable Secure Startup.

This guidance is only applicable to devices prior to Galaxy S10.

On the Samsung Android device, do the following:
1. Open Settings.
2. Tap "Biometrics and security".
3. Tap "Other security settings".
4. Tap "Secure startup".
5. Tap option "Require password when device powers on".
6. Tap "Apply".
7. Enter the current password.

Check Contents

Review device configuration settings to confirm that Secure Startup is enabled.

This procedure is performed on the Samsung Android device prior to Galaxy S10 only.

This setting cannot be managed by the MDM administrator and is a User-Based Enforcement (UBE) requirement.

On the Samsung Android device, do the following:
1. Open Settings.
2. Tap "Biometric and security".
3. Tap "Other security settings".
4. Tap "Secure startup".
5. Verify that "Require password when device powers on" is already selected and "Do not require" is not selected.

If on the Samsung Android device "Do not require" is selected, this is a finding.

Vulnerability Number

V-93637

Documentable

False

Rule Version

KNOX-09-001425

Severity Override Guidance

Review device configuration settings to confirm that Secure Startup is enabled.

This procedure is performed on the Samsung Android device prior to Galaxy S10 only.

This setting cannot be managed by the MDM administrator and is a User-Based Enforcement (UBE) requirement.

On the Samsung Android device, do the following:
1. Open Settings.
2. Tap "Biometric and security".
3. Tap "Other security settings".
4. Tap "Secure startup".
5. Verify that "Require password when device powers on" is already selected and "Do not require" is not selected.

If on the Samsung Android device "Do not require" is selected, this is a finding.

Check Content Reference

M

Target Key

3497

Comments