STIGQter: STIG Summary: Samsung Android OS 10 with Knox 3.x Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 20 Mar 2020:

Samsung Android must be configured to lock the display after 15 minutes (or less) of inactivity.

DISA Rule

SV-109023r1_rule

Vulnerability Number

V-99919

Group Title

PP-MDF-301040

Rule Version

KNOX-10-000400

Severity

CAT II

CCI(s)

• CCI-000057 - The information system initiates a session lock after the organization-defined time period of inactivity.

Weight

10

Fix Recommendation

Configure Samsung Android to lock the device display after 15 minutes (or less) of inactivity.

On the management tool, in the device password requirements section, set the "max time to screen lock" to "15 minutes" or less.

Check Contents

Review Samsung Android configuration settings to determine if the mobile device has the screen lock timeout set to 15 minutes or less.

This validation procedure is performed on both the management tool Administration Console and the Samsung Android device.

On the management tool, in the device password requirements section, verify the "max time to screen lock" is set to "15 minutes" or less.

On the Samsung Android device, do the following:
1. Open Settings >> Display >> Screen timeout.
2. Verify that the listed Screen timeout values are 15 minutes or less.

If on the management tool the "max time to screen lock" is not set to "15 minutes" or less, or on the Samsung Android device the listed Screen timeout values include durations of more than 15 minutes, this is a finding.

Vulnerability Number

V-99919

Documentable

False

Rule Version

KNOX-10-000400

Severity Override Guidance

Review Samsung Android configuration settings to determine if the mobile device has the screen lock timeout set to 15 minutes or less.

This validation procedure is performed on both the management tool Administration Console and the Samsung Android device.

On the management tool, in the device password requirements section, verify the "max time to screen lock" is set to "15 minutes" or less.

On the Samsung Android device, do the following:
1. Open Settings >> Display >> Screen timeout.
2. Verify that the listed Screen timeout values are 15 minutes or less.

If on the management tool the "max time to screen lock" is not set to "15 minutes" or less, or on the Samsung Android device the listed Screen timeout values include durations of more than 15 minutes, this is a finding.

Check Content Reference

M

Target Key

3613

Comments