STIGQter STIGQter: STIG Summary: Samsung Android (with Knox 2.x) STIG Version: 1 Release: 4 Benchmark Date: 22 Apr 2016: The Samsung Knox for Android container must be configured to lock the display after 15 minutes (or less) of inactivity.

DISA Rule

SV-70301r1_rule

Vulnerability Number

V-56047

Group Title

PP-MDF-001002

Rule Version

KNOX-34-012110

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure the OS to initiate a session lock after a time period of inactivity.

Configure the mobile operating system to lock the device after no more than 15 minutes of inactivity.

On the MDM Console, set the "Max Time to Lock" to organization-defined value (15 min) in the "Android Knox Container -> Container Password Restrictions" rule.

Check Contents

This check procedure is performed on both the MDM Administration Console and the Samsung Knox device.

Check that the appropriate setting is configured on the MDM Administration Console.
1. Ask the MDM administrator to display the "Max Time to Lock" setting in the "Android Knox Container -> Container Password Restrictions" rule.
2. Verify the value of the setting is the organization-defined value (15 min) or less.

On the Samsung Knox for Android device:
1. Open the Knox Container.
2. Refrain from using the Knox Container for 15 min.
3. Verify the selected value is organization-defined value (15 min) or less.

If the selected value is larger than 15 min, or if the Knox Container does not lock after 15 min, this is a finding.

Vulnerability Number

V-56047

Documentable

False

Rule Version

KNOX-34-012110

Severity Override Guidance

This check procedure is performed on both the MDM Administration Console and the Samsung Knox device.

Check that the appropriate setting is configured on the MDM Administration Console.
1. Ask the MDM administrator to display the "Max Time to Lock" setting in the "Android Knox Container -> Container Password Restrictions" rule.
2. Verify the value of the setting is the organization-defined value (15 min) or less.

On the Samsung Knox for Android device:
1. Open the Knox Container.
2. Refrain from using the Knox Container for 15 min.
3. Verify the selected value is organization-defined value (15 min) or less.

If the selected value is larger than 15 min, or if the Knox Container does not lock after 15 min, this is a finding.

Check Content Reference

M

Target Key

2699

Comments