Samsung Android 8 with Knox must implement the management setting: Configure minimum password complexity.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-80201	KNOX-08-008800	SV-94905r2_rule		Medium

Description
Password strength is a measure of the effectiveness of a password in resisting guessing and brute force attacks. The ability to crack a password is a function of how many attempts an adversary is permitted, how quickly an adversary can do each attempt, and the size of the password space. A minimum level of complexity is needed to ensure a simple password or easily guessed password is not used. SFR ID: FMT_SMF_EXT.1.1 #47

Description

Password strength is a measure of the effectiveness of a password in resisting guessing and brute force attacks. The ability to crack a password is a function of how many attempts an adversary is permitted, how quickly an adversary can do each attempt, and the size of the password space. A minimum level of complexity is needed to ensure a simple password or easily guessed password is not used. SFR ID: FMT_SMF_EXT.1.1 #47

STIG	Date
Samsung Android OS 8 with Knox 3.x COBO Use Case Security Technical Implementation Guide	2019-10-01

Details

Check Text ( C-79873r2_chk )
Review Samsung Android 8 with Knox configuration settings to determine if the mobile device has been configured with a minimum password complexity. This validation procedure is performed on both the MDM Administration Console and the Samsung Android 8 with Knox device. On the MDM console, do the following: 1. Ask the MDM Administrator to display the "Minimum Password Complexity" setting in the "Android Restrictions" rule. 2. Verify the setting is "PIN" (see note). On the Samsung Android 8 with Knox device, do the following: 1. Open the device settings. 2. Select "Lock screen and security". 3. Select "Screen lock type". 4. Verify "Swipe", "Pattern", and "None" are disabled (grayed out) and cannot be enabled. If the MDM console "Minimum Password Complexity" is not configured to "PIN" or on the Samsung Android 8 with Knox device, the user can enable the setting, this is a finding. Note: Some MDM consoles may display “Numeric” and “Numeric-Complex” instead of “PIN”. Either selection is acceptable but “Numeric-Complex” is recommended. Alphabetic, Alphanumeric, and Complex are also acceptable selections, but these selections will cause the user to select a complex password, which is not required by the STIG.

Check Text ( C-79873r2_chk )

Review Samsung Android 8 with Knox configuration settings to determine if the mobile device has been configured with a minimum password complexity.

This validation procedure is performed on both the MDM Administration Console and the Samsung Android 8 with Knox device.

On the MDM console, do the following:
1. Ask the MDM Administrator to display the "Minimum Password Complexity" setting in the "Android Restrictions" rule.
2. Verify the setting is "PIN" (see note).

On the Samsung Android 8 with Knox device, do the following:
1. Open the device settings.
2. Select "Lock screen and security".
3. Select "Screen lock type".
4. Verify "Swipe", "Pattern", and "None" are disabled (grayed out) and cannot be enabled.

If the MDM console "Minimum Password Complexity" is not configured to "PIN" or on the Samsung Android 8 with Knox device, the user can enable the setting, this is a finding.

Note: Some MDM consoles may display “Numeric” and “Numeric-Complex” instead of “PIN”. Either selection is acceptable but “Numeric-Complex” is recommended. Alphabetic, Alphanumeric, and Complex are also acceptable selections, but these selections will cause the user to select a complex password, which is not required by the STIG.

Fix Text (F-87007r2_fix)
Configure Samsung Android 8 with Knox to have a minimum password complexity. On the MDM console, configure "Minimum Password Complexity" to "PIN" in the "Android Password Restrictions" rule. Note: Some MDM consoles may display “Numeric” and “Numeric-Complex” instead of “PIN”. Either selection is acceptable but “Numeric-Complex” is recommended. Alphabetic, Alphanumeric, and Complex are also acceptable selections, but these selections will cause the user to select a complex password, which is not required by the STIG.

Fix Text (F-87007r2_fix)

Configure Samsung Android 8 with Knox to have a minimum password complexity.

On the MDM console, configure "Minimum Password Complexity" to "PIN" in the "Android Password Restrictions" rule.

Note: Some MDM consoles may display “Numeric” and “Numeric-Complex” instead of “PIN”. Either selection is acceptable but “Numeric-Complex” is recommended. Alphabetic, Alphanumeric, and Complex are also acceptable selections, but these selections will cause the user to select a complex password, which is not required by the STIG.