|Finding ID||Version||Rule ID||IA Controls||Severity|
|Trust agents allow a user to unlock a mobile device without entering a passcode when the mobile device is, for example, connected to a user-selected Bluetooth device or in a user-selected location. This technology would allow unauthorized users to have access to DoD sensitive data if compromised. By not permitting the use of non-password authentication mechanisms, users are forced to use passcodes that meet DoD passcode requirements. SFR ID: FMT_SMF_EXT.1.1 #23, FIA_UAU.5.1|
|Samsung Android OS 9 with Knox 3.x COPE Use Case KPE(Legacy) Deployment Security Technical Implementation Guide||2020-05-15|
|Check Text ( C-93201r1_chk )|
| Review device configuration settings to confirm that trust agents are disabled. |
This procedure is performed on both the MDM Administration console and the Samsung Android device.
On the MDM console, for the device, in the "Android lock screen restrictions" group, verify that "disable trust agents" is selected.
On the Samsung Android device, do the following:
1. Open Settings.
2. Tap "Biometrics and security".
3. Tap "Other security settings".
4. Tap "Trust agents".
5. Verify that all listed trust agents are disabled and cannot be enabled.
If on the MDM console "disable trust agents" is not selected, or on the Samsung Android device a trust agent can be enabled, this is a finding.
|Fix Text (F-100131r1_fix)|
| Configure Samsung Android to disable trust agents. |
On the MDM console, for the device, in the "Android lock screen restriction" group, select "disable trust agents".