STIGQter: STIG Summary: Samsung Android OS 9 with Knox 3.x COPE Use Case KPE(Legacy) Deployment Security Technical Implementation Guide Version: 1 Release: 4 Benchmark Date: 24 Jul 2020:

Samsung Android must be configured to enforce a minimum password length of six characters.

DISA Rule

SV-103957r1_rule

Vulnerability Number

V-93871

Group Title

PP-MDF-301010

Rule Version

KNOX-09-000375

Severity

CAT III

CCI(s)

CCI-000205 - The information system enforces minimum password length.

Weight

Fix Recommendation

Configure Samsung Android to enforce a minimum password length of six characters.

On the MDM console, in the Android password constraints, set the "minimum password length" to "6" or greater.

Check Contents

Review device configuration settings to confirm that the minimum password length is six or more characters.

This procedure is performed on both the MDM Administration console and the Samsung Android device.

On the MDM console, for the device, in the "Android password constraints" group, verify that the "minimum password length" is "6" or greater.

On the Samsung Android device, do the following:
1. Open Settings.
2. Tap "Lock screen".
3. Tap "Screen lock type".
4. Enter current password.
5. Tap "Password".
6. Verify that passwords entered with fewer than six characters are not accepted.

If on the MDM console "minimum password length" is less than "6", or on the Samsung Android device a password of less than "6" characters is accepted, this is a finding.

Vulnerability Number

V-93871

Documentable

False

Rule Version

KNOX-09-000375

Severity Override Guidance

Check Content Reference

Target Key

3509

Samsung Android must be configured to enforce a minimum password length of six characters.

DISA Rule

Vulnerability Number

Group Title

Rule Version

Severity

CCI(s)

Weight

Fix Recommendation

Check Contents

Vulnerability Number

Documentable

Rule Version

Severity Override Guidance

Check Content Reference

Target Key

Comments