STIGQter STIGQter: STIG Summary: Samsung Android (with Knox 2.x) STIG Version: 1 Release: 4 Benchmark Date: 22 Apr 2016: The Samsung Knox for Android platform must be configured to prohibit more than 10 consecutive failed authentication attempts.

DISA Rule

SV-70297r1_rule

Vulnerability Number

V-56043

Group Title

PP-MDF-001003

Rule Version

KNOX-34-008900

Severity

CAT III

CCI(s)

Weight

10

Fix Recommendation

Configure the mobile device to allow only 10 or less consecutive failed authentication attempts.

On the MDM Administration Console, set the "Maximum Failed Attempts" to 10 or less in the "Android Password Restrictions" rule for the device unlock password.

Check Contents

This validation procedure is performed only on the MDM Administration Console.

Check whether the appropriate setting is configured on the MDM Administration Console:
1. Ask the MDM administrator to display the "Maximum Failed Attempts" field in the "Android Password Restrictions" rule for the device unlock password.
2. Verify the value of the setting is 10 or less.

This configuration is not available on the Samsung Knox for Android device.

If the "Maximum Failed Attempts" field in the "Android Password Restrictions" rule for the device unlock password is not set to 10 or less, this is a finding.

Vulnerability Number

V-56043

Documentable

False

Rule Version

KNOX-34-008900

Severity Override Guidance

This validation procedure is performed only on the MDM Administration Console.

Check whether the appropriate setting is configured on the MDM Administration Console:
1. Ask the MDM administrator to display the "Maximum Failed Attempts" field in the "Android Password Restrictions" rule for the device unlock password.
2. Verify the value of the setting is 10 or less.

This configuration is not available on the Samsung Knox for Android device.

If the "Maximum Failed Attempts" field in the "Android Password Restrictions" rule for the device unlock password is not set to 10 or less, this is a finding.

Check Content Reference

M

Target Key

2699

Comments