STIGQter: STIG Summary: Samsung OS 9 with Knox 3.x COBO Use Case KPE(AE) Deployment Security Technical Implementation Guide Version: 1 Release: 3 Benchmark Date: 24 Apr 2020:

Samsung Android must be configured to enforce that Secure Startup is enabled. This requirement is Not Applicable (NA) to Galaxy S10 (or newer) devices.

DISA Rule

SV-103019r1_rule

Vulnerability Number

V-92931

Group Title

PP-MDF-991000

Rule Version

KNOX-09-001420

Severity

CAT II

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

Configure Samsung Android to enable Secure Startup.

This guidance is only applicable to devices prior to Galaxy S10.

On the Samsung Android device, do the following:
1. Open Settings.
2. Tap "Biometrics and security".
3. Tap "Other security settings".
4. Tap "Secure startup".
5. Tap option "Require password when device powers on".
6. Tap "Apply".
7. Enter the current password.

Check Contents

Review device configuration settings to confirm that Secure Startup is enabled.

This procedure is performed on the Samsung Android device prior to Galaxy S10 only.

This setting cannot be managed by the MDM administrator and is a User-Based Enforcement (UBE) requirement.

On the Samsung Android device, do the following:
1. Open Settings.
2. Tap "Biometric and security".
3. Tap "Other security settings".
4. Tap "Secure startup".
5. Verify that "Require password when device powers on" is already selected and "Do not require" is not selected.

If on the Samsung Android device "Do not require" is selected, this is a finding.

Vulnerability Number

V-92931

Documentable

False

Rule Version

KNOX-09-001420

Severity Override Guidance

Review device configuration settings to confirm that Secure Startup is enabled.

This procedure is performed on the Samsung Android device prior to Galaxy S10 only.

This setting cannot be managed by the MDM administrator and is a User-Based Enforcement (UBE) requirement.

On the Samsung Android device, do the following:
1. Open Settings.
2. Tap "Biometric and security".
3. Tap "Other security settings".
4. Tap "Secure startup".
5. Verify that "Require password when device powers on" is already selected and "Do not require" is not selected.

If on the Samsung Android device "Do not require" is selected, this is a finding.

Check Content Reference

M

Target Key

3495

Comments