|Finding ID|Version|Rule ID|IA Controls|Severity|
|The Face Recognition feature allows a user's face to be registered and used to unlock the device. This technology would allow unauthorized users to have access to DoD sensitive data if compromised. By not permitting the use of non-password authentication mechanisms, users are forced to use passcodes that meet DoD passcode requirements. SFR ID: FMT_SMF_EXT.1.1 #23, FIA_UAU.5.1|
|Samsung Android OS 9 with Knox 3.x COPE Use Case KPE(Legacy) Deployment Security Technical Implementation Guide|2020-05-15|
|Check Text (C-93203r1_chk)|
| Review device configuration settings to confirm that Face Recognition is disabled. |
This procedure is performed on both the MDM Administration console and the Samsung Android device.
On the MDM console, for the device, in the "Knox password constraints" group, verify that "disable face" is selected.
On the Samsung Android device, do the following:
1. Open Settings.
2. Tap "Lock screen".
3. Tap "Screen lock type".
4. Enter current password.
5. Verify that "Face" is disabled and cannot be enabled.
If on the MDM console "disable face" is not selected, or on the Samsung Android device "Face" can be enabled, this is a finding.
|Fix Text (F-100133r1_fix)|
| Configure Samsung Android to disable Face Recognition. |
On the MDM console, for the device, in the "Knox password constraints" group, select "disable face".