STIGQter STIGQter: STIG Summary: Samsung Android OS 9 with Knox 3.x COPE Use Case KPE(AE) Deployment Security Technical Implementation Guide Version: 1 Release: 2 Benchmark Date: 25 Oct 2019: Samsung Android must be configured to enforce that Secure Startup is enabled. This requirement is Not Applicable (NA) to Galaxy S10 (or newer) devices.

DISA Rule

SV-103925r1_rule

Vulnerability Number

V-93839

Group Title

PP-MDF-991000

Rule Version

KNOX-09-001420

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure Samsung Android to enable Secure Startup.

This guidance is only applicable to devices prior to Galaxy S10.

On the Samsung Android device, do the following:
1. Open Settings.
2. Tap "Biometrics and security".
3. Tap "Other security settings".
4. Tap "Secure startup".
5. Tap option "Require password when device powers on".
6. Tap "Apply".
7. Enter the current password,

Check Contents

Review device configuration settings to confirm that Secure Startup is enabled.

This procedure is performed on the Samsung Android device prior to Galaxy S10 only.

This setting cannot be managed by the MDM administrator and is a User-Based Enforcement (UBE) requirement.

On the Samsung Android device, do the following:
1. Open Settings.
2. Tap "Biometric and security".
3. Tap "Other security settings".
4. Tap "Secure startup".
5. Verify that "Require password when device powers on" is already selected and "Do not require" is not selected.

If on the Samsung Android device "Do not require" is selected, this is a finding.

Vulnerability Number

V-93839

Documentable

False

Rule Version

KNOX-09-001420

Severity Override Guidance

Review device configuration settings to confirm that Secure Startup is enabled.

This procedure is performed on the Samsung Android device prior to Galaxy S10 only.

This setting cannot be managed by the MDM administrator and is a User-Based Enforcement (UBE) requirement.

On the Samsung Android device, do the following:
1. Open Settings.
2. Tap "Biometric and security".
3. Tap "Other security settings".
4. Tap "Secure startup".
5. Verify that "Require password when device powers on" is already selected and "Do not require" is not selected.

If on the Samsung Android device "Do not require" is selected, this is a finding.

Check Content Reference

M

Target Key

3507

Comments