UCF STIG Viewer Logo

Samsung Android 8 with Knox must implement the management setting: Configure minimum password complexity.


Finding ID Version Rule ID IA Controls Severity
V-80201 KNOX-08-008800 SV-94905r1_rule Medium
Password strength is a measure of the effectiveness of a password in resisting guessing and brute force attacks. The ability to crack a password is a function of how many attempts an adversary is permitted, how quickly an adversary can do each attempt, and the size of the password space. A minimum level of complexity is needed to ensure a simple password or easily guessed password is not used. SFR ID: FMT_SMF_EXT.1.1 #47
Samsung Android OS 8 with Knox 3.x COBO Use Case Security Technical Implementation Guide 2018-05-14


Check Text ( C-79873r1_chk )
Review Samsung Android 8 with Knox configuration settings to determine if the mobile device has been configured with a minimum password complexity.

This validation procedure is performed on both the MDM Administration Console and the Samsung Android 8 with Knox device.

On the MDM console, do the following:
1. Ask the MDM Administrator to display the "Minimum Password Complexity" setting in the "Android Restrictions" rule.
2. Verify the setting is "Alphanumeric".

On the Samsung Android 8 with Knox device, do the following:
1. Open the device settings.
2. Select "Lock screen and security".
3. Select "Screen lock type".
4. Verify "Swipe", "Pattern", "PIN", and "None" are disabled (grayed out) and cannot be enabled.

If the MDM console "Minimum Password Complexity" is not configured to "Alphanumeric" or on the Samsung Android 8 with Knox device, the user can enable the setting, this is a finding.
Fix Text (F-87007r1_fix)
Configure Samsung Android 8 with Knox to have a minimum password complexity.

On the MDM console, configure "Minimum Password Complexity" to "Alphanumeric" in the "Android Password Restrictions" rule.