STIGQter: STIG Summary: Samsung Android OS 9 with Knox 3.x COPE Use Case KPE(Legacy) Deployment Security Technical Implementation Guide Version: 1 Release: 4 Benchmark Date: 24 Jul 2020: STIGQter: STIG Summary: Samsung Android OS 9 with Knox 3.x COPE Use Case KPE(Legacy) Deployment Security Technical Implementation Guide Version: 1 Release: 4 Benchmark Date: 24 Jul 2020:SV-104025r2_rule
V-93939
PP-MDF-301030
KNOX-09-001445
CAT II
10
Configure Samsung Android to enforce a screen-lock policy that will lock the display after a period of inactivity with a lock type that is configured with a minimum password quality.
On the MDM console, for the device, in the "Android password constraints" group, set "minimum password quality" (or password type) to "PIN".
Note: Some MDM consoles may display “Numeric” and “Numeric-Complex” instead of “PIN”. Either selection is acceptable but “Numeric-Complex” is recommended. Alphabetic, Alphanumeric, and Complex are also acceptable selections but these selections will cause the user to select a complex password, which is not required by the STIG.
Review device configuration settings to confirm that the device uses a screen-lock policy that will lock the display after a period of inactivity and that the lock type is configured with a minimum password quality.
This procedure is performed on both the MDM Administration console and the Samsung Android device.
On the MDM console, for the device, in the "Android password constraints" group, verify that the "minimum password quality" is "PIN" (see note).
On the Samsung Android device, do the following:
1. Open Settings.
2. Tap "Lock screen".
3. Tap "Screen lock type".
4. Verify that "Swipe”, “Pattern”, and “None" cannot be enabled.
If on the MDM console "minimum password quality" is not set to "PIN", or on the Samsung Android device the user can select a screen lock type other than "password", this is a finding.
Note: Some MDM consoles may display “Numeric” and “Numeric-Complex” instead of “PIN”. Either selection is acceptable but “Numeric-Complex” is recommended. Alphabetic, Alphanumeric, and Complex are also acceptable selections but these selections will cause the user to select a complex password, which is not required by the STIG.
V-93939
False
KNOX-09-001445
Review device configuration settings to confirm that the device uses a screen-lock policy that will lock the display after a period of inactivity and that the lock type is configured with a minimum password quality.
This procedure is performed on both the MDM Administration console and the Samsung Android device.
On the MDM console, for the device, in the "Android password constraints" group, verify that the "minimum password quality" is "PIN" (see note).
On the Samsung Android device, do the following:
1. Open Settings.
2. Tap "Lock screen".
3. Tap "Screen lock type".
4. Verify that "Swipe”, “Pattern”, and “None" cannot be enabled.
If on the MDM console "minimum password quality" is not set to "PIN", or on the Samsung Android device the user can select a screen lock type other than "password", this is a finding.
Note: Some MDM consoles may display “Numeric” and “Numeric-Complex” instead of “PIN”. Either selection is acceptable but “Numeric-Complex” is recommended. Alphabetic, Alphanumeric, and Complex are also acceptable selections but these selections will cause the user to select a complex password, which is not required by the STIG.
M
3509