STIGQter STIGQter: STIG Summary: Samsung OS 9 with Knox 3.x COBO Use Case KPE(AE) Deployment Security Technical Implementation Guide Version: 1 Release: 3 Benchmark Date: 24 Apr 2020:

Samsung Android must be configured to enforce a minimum password length of six characters.

DISA Rule

SV-102963r1_rule

Vulnerability Number

V-92875

Group Title

PP-MDF-301010

Rule Version

KNOX-09-000370

Severity

CAT III

CCI(s)

Weight

10

Fix Recommendation

Configure Samsung Android to enforce a minimum password length of six characters.

On the MDM console, in the Android password constraints, set the "minimum password length" to "6" or greater.

Check Contents

Review device configuration settings to confirm that the minimum password length is six or more characters.

This procedure is performed on both the MDM administration console and the Samsung Android device.

On the MDM console, for the device, in the "Android password constraints" group, verify that the "minimum password length" is "6" or greater.

On the Samsung Android device, do the following:
1. Open Settings.
2. Tap "Lock screen".
3. Tap "Screen lock type".
4. Enter current password.
5. Tap "Password".
6. Verify that passwords entered with fewer than six characters are not accepted.

If on the MDM console "minimum password length" is less than "6", or on the Samsung Android device a password of less than "6" characters is accepted, this is a finding.

Vulnerability Number

V-92875

Documentable

False

Rule Version

KNOX-09-000370

Severity Override Guidance

Review device configuration settings to confirm that the minimum password length is six or more characters.

This procedure is performed on both the MDM administration console and the Samsung Android device.

On the MDM console, for the device, in the "Android password constraints" group, verify that the "minimum password length" is "6" or greater.

On the Samsung Android device, do the following:
1. Open Settings.
2. Tap "Lock screen".
3. Tap "Screen lock type".
4. Enter current password.
5. Tap "Password".
6. Verify that passwords entered with fewer than six characters are not accepted.

If on the MDM console "minimum password length" is less than "6", or on the Samsung Android device a password of less than "6" characters is accepted, this is a finding.

Check Content Reference

M

Target Key

3495

Comments