Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-66805 | LGA6-20-100101 | SV-81295r2_rule | High |
Description |
---|
Passwords provide a form of access control that prevents unauthorized individuals from accessing computing resources and sensitive data. Passwords may also be a source of entropy for generation of key encryption or data encryption keys. If a password is not required to access data, then this data is accessible to any adversary who obtains physical possession of the device. Requiring that a password be successfully entered before the mobile device data is unencrypted mitigates this risk. Note: MDF PP v.2.0 requires a Password Authentication Factor and requires management of its length and complexity. It leaves open whether the existence of a password is subject to management. This STIGID addresses the configuration to require a password, which is critical to the cybersecurity posture of the device. SFR ID: FIA_UAU_EXT.1.1 |
STIG | Date |
---|---|
LG Android 6.x Security Technical Implementation Guide | 2016-05-05 |
Check Text ( C-67455r2_chk ) |
---|
This validation procedure is performed on both the MDM Administration Console and the LG Android device. On the MDM console, do the following: 1. Ask the MDM administrator to display the "Password" setting in the MDM console. 2. Verify a password policy has been configured. 3. Verify a password policy has been assigned to all groups. On the LG Android device: 1. Unlock the device. 2. Navigate to the password entry screen: Settings >> General >> Security (or Fingerprints & security) >> Lock screen >> Select screen lock. 3. Verify password is enabled and cannot be disabled (grayed out). If on the MDM console a password policy is not configured or on the LG Android device the password is not enabled or can be disabled, this is a finding. |
Fix Text (F-72905r2_fix) |
---|
Configure the mobile operating system to force successful entry of a password before data resident on the device is decrypted. On the MDM Administration Console, configure a "Password" policy and assign it to all groups. |