STIGQter STIGQter: STIG Summary: Samsung Android OS 7 with Knox 2.x Security Technical Implementation Guide Version: 1 Release: 6 Benchmark Date: 25 Oct 2019: The Samsung Android 7 with Knox must implement the management setting: Configure minimum password complexity.

DISA Rule

SV-91317r2_rule

Vulnerability Number

V-76621

Group Title

PP-MDF-991000

Rule Version

KNOX-07-018600

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure the Samsung Android 7 with Knox to have a minimum password complexity.

On the MDM console, configure "Minimum Password Complexity" to PIN in the "Android Password Restrictions" rule.
Note: Some MDM consoles may display “Numeric” and “Numeric-Complex” instead of “PIN”. Either selection is acceptable but “Numeric-Complex” is recommended. Alphabetic, Alphanumeric, and Complex are also acceptable selections but these selections will cause the user to select a complex password, which is not required by the STIG.

Check Contents

Review Samsung Android 7 with Knox configuration settings to determine if the mobile device has been configured with a minimum password complexity.

This validation procedure is performed on both the MDM Administration Console and the Samsung Android 7 with Knox device.

On the MDM console, do the following:
1. Ask the MDM administrator to display the "Minimum Password Complexity" setting in the "Android Restrictions" rule.
2. Verify the setting is "PIN". (see Note)

On the Samsung Android 7 with Knox device, do the following:
1. Open the device settings.
2. Select "Lock screen and security".
3. Select "Lock screen type".
4. Verify "Swipe", "Pattern", and "None" are disabled (grayed out) and cannot be enabled.

If the MDM console "Minimum Password Complexity" is not configured to "PIN", or on the Samsung Android 7 with Knox device, the user cannot enable the setting, this is a finding.

Note: Some MDM consoles may display “Numeric” and “Numeric-Complex” instead of “PIN”. Either selection is acceptable but “Numeric-Complex” is recommended. Alphabetic, Alphanumeric, and Complex are also acceptable selections but these selections will cause the user to select a complex password, which is not required by the STIG.

Vulnerability Number

V-76621

Documentable

False

Rule Version

KNOX-07-018600

Severity Override Guidance

Review Samsung Android 7 with Knox configuration settings to determine if the mobile device has been configured with a minimum password complexity.

This validation procedure is performed on both the MDM Administration Console and the Samsung Android 7 with Knox device.

On the MDM console, do the following:
1. Ask the MDM administrator to display the "Minimum Password Complexity" setting in the "Android Restrictions" rule.
2. Verify the setting is "PIN". (see Note)

On the Samsung Android 7 with Knox device, do the following:
1. Open the device settings.
2. Select "Lock screen and security".
3. Select "Lock screen type".
4. Verify "Swipe", "Pattern", and "None" are disabled (grayed out) and cannot be enabled.

If the MDM console "Minimum Password Complexity" is not configured to "PIN", or on the Samsung Android 7 with Knox device, the user cannot enable the setting, this is a finding.

Note: Some MDM consoles may display “Numeric” and “Numeric-Complex” instead of “PIN”. Either selection is acceptable but “Numeric-Complex” is recommended. Alphabetic, Alphanumeric, and Complex are also acceptable selections but these selections will cause the user to select a complex password, which is not required by the STIG.

Check Content Reference

M

Target Key

3253

Comments