STIGQter STIGQter: STIG Summary: Samsung Android OS 7 with Knox 2.x Security Technical Implementation Guide Version: 1 Release: 6 Benchmark Date: 25 Oct 2019: The Samsung Android 7 with Knox must be configured to disable authentication mechanisms providing user access to protected data other than a Password Authentication Factor and fingerprint authentication. Disable Trust Agents.

DISA Rule

SV-91243r1_rule

Vulnerability Number

V-76547

Group Title

PP-MDF-301150

Rule Version

KNOX-07-003300

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure the Samsung Android 7 with Knox to disable authentication mechanisms providing user access to protected data other than a Password Authentication Factor.

Configure the Samsung Android 7 with Knox to disable Trust Agents.

On the MDM console, select the "Disable Keyguard Trust Agents" setting in the "Android Password Restrictions" rule.

Note: Disabling Trust Agents will disable Smart Lock.

Check Contents

Review documentation on the Samsung Android 7 with Knox and inspect the configuration on the Samsung Android 7 with Knox to disable Trust Agents.

This validation procedure is performed on both the MDM Administration Console and the Samsung Android 7 with Knox device.

On the MDM console, do the following:
1. Ask the MDM administrator to display the "Minimum Password Complexity" setting in the "Android Password Restrictions" rule.
2. Verify the settings are "Alphanumeric".
3. Ask the MDM administrator to display the "Disable Keyguard Trust Agents" checkbox in the "Android Password Restrictions" rule.
4. Verify the checkbox is selected.

On the Samsung Android 7 with Knox device, do the following:
1. Open the device settings.
2. Select "Lock screen and security".
3. Select "Other security settings".
4. Select "Trust agents"
5. Verify all Trust Agents are disabled (grayed out) and cannot be enabled.

If the MDM console "Disable Keyguard Trust Agents" checkbox is not selected, or if "Minimum Password Complexity" is not configured to "Alphanumeric", or on the Samsung Android 7 with Knox device, the user can enable the settings, this is a finding.

Vulnerability Number

V-76547

Documentable

False

Rule Version

KNOX-07-003300

Severity Override Guidance

Review documentation on the Samsung Android 7 with Knox and inspect the configuration on the Samsung Android 7 with Knox to disable Trust Agents.

This validation procedure is performed on both the MDM Administration Console and the Samsung Android 7 with Knox device.

On the MDM console, do the following:
1. Ask the MDM administrator to display the "Minimum Password Complexity" setting in the "Android Password Restrictions" rule.
2. Verify the settings are "Alphanumeric".
3. Ask the MDM administrator to display the "Disable Keyguard Trust Agents" checkbox in the "Android Password Restrictions" rule.
4. Verify the checkbox is selected.

On the Samsung Android 7 with Knox device, do the following:
1. Open the device settings.
2. Select "Lock screen and security".
3. Select "Other security settings".
4. Select "Trust agents"
5. Verify all Trust Agents are disabled (grayed out) and cannot be enabled.

If the MDM console "Disable Keyguard Trust Agents" checkbox is not selected, or if "Minimum Password Complexity" is not configured to "Alphanumeric", or on the Samsung Android 7 with Knox device, the user can enable the settings, this is a finding.

Check Content Reference

M

Target Key

3253

Comments