Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-93843 | KNOX-09-001480 | SV-103929r1_rule | Medium |
Description |
---|
Strong Protection protects the Samsung Android devices that use File Based Encryption (FBE). When Strong Protection is enabled, the default cryptographic keys used to protect the user's apps and data are replaced with keys derived from the user password. This feature must be enabled for a Samsung Android device to be in the NIAP-certified CC mode of operation. SFR ID: FMT_SMF_EXT.1.1 #47 |
STIG | Date |
---|---|
Samsung Android OS 9 with Knox 3.x COPE Use Case KPE(AE) Deployment Security Technical Implementation Guide | 2020-02-24 |
Check Text ( C-93161r1_chk ) |
---|
Review device configuration settings to confirm that Strong Protection is enabled. This procedure is performed on the Samsung Android Galaxy S10 (or newer) devices only. This setting cannot be managed by the MDM administrator and is a User-Based Enforcement (UBE) requirement. On the Samsung Android device, do the following: 1. Open Settings 2. Tap "Biometric and security". 3. Tap "Other security settings". 4. Verify "Strong Protection" is enabled. If on the Samsung Android device "Strong Protection” is disabled, this is a finding. |
Fix Text (F-100089r1_fix) |
---|
Configure Samsung Android to enable Strong Protection. This guidance is only applicable to Galaxy S10 (or newer) devices. On the Samsung Android device, do the following: 1. Open Settings. 2. Tap "Biometrics and security". 3. Tap "Other security settings". 4. Tap "Strong Protection". 5. Tap to enable. 6. Enter the current password. |