Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-231023 | KNOX-11-004000 | SV-231023r608683_rule | Medium |
Description |
---|
The fingerprint reader can be used to authenticate the user in order to unlock the mobile device. At this time, no mobile device biometric reader has been evaluated as meeting the security requirements of the MDFPP or been approved for DoD use on mobile devices. This technology could allow unauthorized users to have access to DoD sensitive data if compromised. By not permitting the use of non-password authentication mechanisms, users are forced to use passcodes that meet DoD passcode requirements. SFR ID: FMT_SMF_EXT.1.1 #23, FIA_UAU.5.1 |
STIG | Date |
---|---|
Samsung Android 11 with Knox 3.x Legacy Security Technical Implementation Guide | 2020-12-08 |
Check Text ( C-33953r592683_chk ) |
---|
Review Samsung Android configuration settings to determine if Trust Agents are disabled. This validation procedure is performed on both the management tool Administration Console and the Samsung Android device. On the management tool, in the device restrictions section, verify that "Trust Agents" are set to "Disable". On the Samsung Android device: 1. Open Settings >> Biometrics and security >> Other security settings >> Trust agents. 2. Verify that all listed Trust Agents are disabled and cannot be enabled. If on the management tool "Trust Agents" are not set to "Disable", or on the Samsung Android device a "Trust Agent" can be enabled, this is a finding. |
Fix Text (F-33926r592684_fix) |
---|
Configure Samsung Android to disable Trust Agents. On the management tool, in the device restrictions section, set "Trust Agents" to "Disable". |