STIGQter STIGQter: STIG Summary: Samsung Android OS 5 with Knox 2.0 Security Technical Implementation Guide Version: 1 Release: 4 Benchmark Date: 26 Apr 2019: The Samsung Knox for Android platform must disable authentication mechanisms providing user access to protected data other than a Password Authentication Factor: Disable Enable Smart Lock.

DISA Rule

SV-75707r1_rule

Vulnerability Number

V-61227

Group Title

PP-MDF-201028

Rule Version

KNOX-35-030000

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure the MOS to not allow authentication mechanisms other than a Password Authentication Factor where the authentication provides user access to protected data

Configure the mobile operating system to disable Smart Lock.

On the MDM Administration Console, disable "Enable Smart Lock" setting in the "Android Restrictions" rule.

Check Contents

This validation procedure is performed on both the MDM Administration Console and the Samsung Knox for Android device.

Check whether the appropriate setting is configured on the MDM Administration Console:
1. Ask the MDM administrator to display the "Minimum Password Complexity" setting in the "Android Restrictions" rule.
2. Verify the settings are Alphanumeric.
3. Ask the MDM administrator to display the "Enable Smart Lock" setting in the "Android Restrictions" rule.
4. Verify the setting is disabled.

On the Samsung Knox for Android device:
1. Open the device settings.
2. Select "Lock screen and security".
3. Select "Secure lock settings".
4. Verify "Smart Lock" is disabled (grayed out) and cannot be enabled.

If "Smart Lock" is enabled or if the user is able to enable the settings on the device, this is a finding.

Vulnerability Number

V-61227

Documentable

False

Rule Version

KNOX-35-030000

Severity Override Guidance

This validation procedure is performed on both the MDM Administration Console and the Samsung Knox for Android device.

Check whether the appropriate setting is configured on the MDM Administration Console:
1. Ask the MDM administrator to display the "Minimum Password Complexity" setting in the "Android Restrictions" rule.
2. Verify the settings are Alphanumeric.
3. Ask the MDM administrator to display the "Enable Smart Lock" setting in the "Android Restrictions" rule.
4. Verify the setting is disabled.

On the Samsung Knox for Android device:
1. Open the device settings.
2. Select "Lock screen and security".
3. Select "Secure lock settings".
4. Verify "Smart Lock" is disabled (grayed out) and cannot be enabled.

If "Smart Lock" is enabled or if the user is able to enable the settings on the device, this is a finding.

Check Content Reference

M

Target Key

2889

Comments