STIGQter: STIG Summary: Samsung Android 11 with Knox 3.x AE Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 20 Nov 2020:

Samsung Android must be configured to lock the display after 15 minutes (or less) of inactivity.

DISA Rule

SV-230975r607691_rule

Vulnerability Number

V-230975

Group Title

PP-MDF-301030

Rule Version

KNOX-11-000500

Severity

CAT II

CCI(s)

• CCI-000057 - The information system initiates a session lock after the organization-defined time period of inactivity.

Weight

10

Fix Recommendation

Configure Samsung Android to lock the device display after 15 minutes (or less) of inactivity.

On the management tool:
1. Open the device password policies.
2. Set "minimum password quality" to "Numeric" (or better).
3. Set the "max time to screen lock" to "15 minutes" or less.

Check Contents

Review Samsung Android configuration settings to determine if the mobile device has the screen lock timeout set to 15 minutes or less.

This validation procedure is performed on both the management tool Administration Console and the Samsung Android device.

On the management tool:
1. Open the device password policies.
2. Verify "minimum password quality" is set to "Numeric" (or better).
3. Verify the "max time to screen lock" is set to "15 minutes" or less.

On the Samsung Android device:
1. Open Settings >> Lock screen.
2. Verify "Secure lock settings" is present and tap it.
3. Enter current password.
4. Tap "Lock automatically".
5. Verify the listed timeout values are 15 minutes or less.

If on the management tool the "minimum password quality" is not set to "Numeric" (or better) and "max time to screen lock" is not set to "15 minutes" or less, or on the Samsung Android device "Secure lock settings" is not present and the listed Screen timeout values include durations of more than 15 minutes, this is a finding.

Vulnerability Number

V-230975

Documentable

False

Rule Version

KNOX-11-000500

Severity Override Guidance

Review Samsung Android configuration settings to determine if the mobile device has the screen lock timeout set to 15 minutes or less.

This validation procedure is performed on both the management tool Administration Console and the Samsung Android device.

On the management tool:
1. Open the device password policies.
2. Verify "minimum password quality" is set to "Numeric" (or better).
3. Verify the "max time to screen lock" is set to "15 minutes" or less.

On the Samsung Android device:
1. Open Settings >> Lock screen.
2. Verify "Secure lock settings" is present and tap it.
3. Enter current password.
4. Tap "Lock automatically".
5. Verify the listed timeout values are 15 minutes or less.

If on the management tool the "minimum password quality" is not set to "Numeric" (or better) and "max time to screen lock" is not set to "15 minutes" or less, or on the Samsung Android device "Secure lock settings" is not present and the listed Screen timeout values include durations of more than 15 minutes, this is a finding.

Check Content Reference

M

Target Key

5247

Comments