STIGQter STIGQter: STIG Summary: Samsung Android OS 7 with Knox 2.x Security Technical Implementation Guide Version: 1 Release: 6 Benchmark Date: 25 Oct 2019: The Samsung Android 7 with Knox must be configured to not allow Container passwords that include more than two repeating or sequential characters.

DISA Rule

SV-91329r1_rule

Vulnerability Number

V-76633

Group Title

PP-MDF-301020

Rule Version

KNOX-07-900300

Severity

CAT III

CCI(s)

Weight

10

Fix Recommendation

Configure the Samsung Android 7 with Knox to prevent Container passwords from containing more than two repeating or sequential characters.

On the MDM console, do the following:
1. Set the "Maximum Sequential Characters" value to "2" in the "Android Knox Container >> Container Password Restrictions" rule.
2. Set the "Maximum Sequential Numbers" value to "2" in the "Android Knox Container >> Container Password Restrictions" rule.

Check Contents

Not Applicable for the COBO use case.

Review Samsung Android 7 with Knox configuration settings to determine if the mobile device is prohibiting container passwords with more than two repeating or sequential characters. If feasible, use a spare device to try to create a password with more than two repeating or sequential characters (e.g., bbb, 888, hij, 654).

This validation procedure is performed on both the MDM Administration Console and the Samsung Android 7 with Knox device.

On the MDM console, do the following:
1. Ask the MDM administrator to display the "Maximum Sequential Characters" setting in the "Android Knox Container >> Container Password Restrictions" rule.
2. Verify the value of the setting is set to two or less sequential characters.
3. Ask the MDM administrator to display the "Maximum Sequential Numbers" setting in the "Android Knox Container >> Container Password Restrictions" rule.
4. Verify the value of the setting is set to two or less sequential numbers.

On the Samsung Android 7 with Knox device, do the following:
1. Open the Knox Container.
2. Select "Knox Settings".
3. Select "Lock type.
4. Enter current password.
5. Select "Password".
6. Attempt to enter a password that contains more than two sequential characters or sequential numbers.
7. Verify the password is not accepted.

If the MDM console "Maximum Sequential Character" and "Maximum Sequential Number" are set to more than two repeating or sequential characters for the Knox container or on the Samsung Android 7 with Knox device, a password with more than two repeating or sequential characters is accepted for the Knox container, this is a finding.

Vulnerability Number

V-76633

Documentable

False

Rule Version

KNOX-07-900300

Severity Override Guidance

Not Applicable for the COBO use case.

Review Samsung Android 7 with Knox configuration settings to determine if the mobile device is prohibiting container passwords with more than two repeating or sequential characters. If feasible, use a spare device to try to create a password with more than two repeating or sequential characters (e.g., bbb, 888, hij, 654).

This validation procedure is performed on both the MDM Administration Console and the Samsung Android 7 with Knox device.

On the MDM console, do the following:
1. Ask the MDM administrator to display the "Maximum Sequential Characters" setting in the "Android Knox Container >> Container Password Restrictions" rule.
2. Verify the value of the setting is set to two or less sequential characters.
3. Ask the MDM administrator to display the "Maximum Sequential Numbers" setting in the "Android Knox Container >> Container Password Restrictions" rule.
4. Verify the value of the setting is set to two or less sequential numbers.

On the Samsung Android 7 with Knox device, do the following:
1. Open the Knox Container.
2. Select "Knox Settings".
3. Select "Lock type.
4. Enter current password.
5. Select "Password".
6. Attempt to enter a password that contains more than two sequential characters or sequential numbers.
7. Verify the password is not accepted.

If the MDM console "Maximum Sequential Character" and "Maximum Sequential Number" are set to more than two repeating or sequential characters for the Knox container or on the Samsung Android 7 with Knox device, a password with more than two repeating or sequential characters is accepted for the Knox container, this is a finding.

Check Content Reference

M

Target Key

3253

Comments