STIGQter STIGQter: STIG Summary: Samsung Android OS 7 with Knox 2.x Security Technical Implementation Guide Version: 1 Release: 6 Benchmark Date: 25 Oct 2019: The Samsung Android 7 with Knox must implement the management setting: Configure to enforce a minimum Container password length of 4 characters.

DISA Rule

SV-91335r1_rule

Vulnerability Number

V-76639

Group Title

PP-MDF-991000

Rule Version

KNOX-07-913200

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure the Samsung Android 7 with Knox to enforce a minimum Container password length of four characters.

On the MDM console, set the "Minimum Length" value to "4" or greater in the "Android Knox Container >> Container Password Restrictions" rule.

Check Contents

Not Applicable for the COBO use case.

Review Samsung Android 7 with Knox configuration settings to determine if the mobile device is configured to enforce a minimum Container password length of "4" characters.

This validation procedure is performed on both the MDM Administration Console and the Samsung Android 7 with Knox device.

On the MDM console, do the following:
1. Ask the MDM administrator to display the "Minimum Length" setting in the "Android Knox Container >> Container Password Restrictions" rule.
2. Verify the value of the setting is the same or greater than "4" characters.

On the Samsung Android 7 with Knox device, do the following:
1. Open the Knox Container.
2. Select "Knox Settings".
3. Select "Lock type".
4. Enter current password.
5. Attempt to enter a password with fewer than "4" characters.
6. Verify the password is not accepted.

If the MDM console "Minimum Length" is not set to the same or greater than "4" characters or on the Samsung Android 7 with Knox device, accepts a container password with fewer than the "4" characters, this is a finding.

Note: This configuration setting will allow users to implement fingerprint unlock for the container, which is approved for use. The use of a password to move between container and personal areas is only required if the password is needed to provide data separation between the two processing environments. For the Samsung devices, the password is required to enable the container and implement data separation.

Vulnerability Number

V-76639

Documentable

False

Rule Version

KNOX-07-913200

Severity Override Guidance

Not Applicable for the COBO use case.

Review Samsung Android 7 with Knox configuration settings to determine if the mobile device is configured to enforce a minimum Container password length of "4" characters.

This validation procedure is performed on both the MDM Administration Console and the Samsung Android 7 with Knox device.

On the MDM console, do the following:
1. Ask the MDM administrator to display the "Minimum Length" setting in the "Android Knox Container >> Container Password Restrictions" rule.
2. Verify the value of the setting is the same or greater than "4" characters.

On the Samsung Android 7 with Knox device, do the following:
1. Open the Knox Container.
2. Select "Knox Settings".
3. Select "Lock type".
4. Enter current password.
5. Attempt to enter a password with fewer than "4" characters.
6. Verify the password is not accepted.

If the MDM console "Minimum Length" is not set to the same or greater than "4" characters or on the Samsung Android 7 with Knox device, accepts a container password with fewer than the "4" characters, this is a finding.

Note: This configuration setting will allow users to implement fingerprint unlock for the container, which is approved for use. The use of a password to move between container and personal areas is only required if the password is needed to provide data separation between the two processing environments. For the Samsung devices, the password is required to enable the container and implement data separation.

Check Content Reference

M

Target Key

3253

Comments