STIGQter: STIG Summary: Samsung Android 11 with Knox 3.x Legacy Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 20 Nov 2020:

Samsung Android must be configured to not allow passwords that include more than two repeating or sequential characters.

DISA Rule

SV-231014r608683_rule

Vulnerability Number

V-231014

Group Title

PP-MDF-301020

Rule Version

KNOX-11-000400

Severity

CAT II

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

This requirement is not applicable if the password quality is set to Numeric (complex), or better.

Configure Samsung Android to prevent passwords from containing more than two repeating or sequential characters.

On the management tool, in the device password section, set the "maximum sequential numbers" to "2".

Check Contents

This requirement is not applicable if the password quality is set to Numeric (complex) or better.

Review Samsung Android configuration settings to determine if the mobile device is prohibiting passwords with more than two repeating or sequential characters.

This validation procedure is performed on both the management tool and the Samsung Android device.

On the management tool, in the device password section, verify the "maximum sequential numbers" is set to "2".

On the Samsung Android device:
1. Open Settings.
2. Tap "Lock screen".
3. Tap "Screen lock type".
4. Enter current password.
5. Tap "Password".
6. Verify that passwords with two or more sequential numbers are not accepted.

If on the management tool "maximum sequential numbers" is more than "2", or on the Samsung Android device a password with two or more sequential numbers is accepted, this is a finding.

Vulnerability Number

V-231014

Documentable

False

Rule Version

KNOX-11-000400

Severity Override Guidance

This requirement is not applicable if the password quality is set to Numeric (complex) or better.

Review Samsung Android configuration settings to determine if the mobile device is prohibiting passwords with more than two repeating or sequential characters.

This validation procedure is performed on both the management tool and the Samsung Android device.

On the management tool, in the device password section, verify the "maximum sequential numbers" is set to "2".

On the Samsung Android device:
1. Open Settings.
2. Tap "Lock screen".
3. Tap "Screen lock type".
4. Enter current password.
5. Tap "Password".
6. Verify that passwords with two or more sequential numbers are not accepted.

If on the management tool "maximum sequential numbers" is more than "2", or on the Samsung Android device a password with two or more sequential numbers is accepted, this is a finding.

Check Content Reference

M

Target Key

5248

Comments