| Review Samsung Android 8 with Knox configuration settings to determine if the mobile device is configured to lock the screen after 15 minutes (or less) of inactivity. |
This validation procedure is performed on both the MDM Administration Console and the Samsung Android 8 with Knox device.
On the MDM console, do the following:
1. Ask the MDM Administrator to display the "Maximum Time to Lock" setting in the "Android Password Restrictions" rule.
2. Verify the value of the setting is the organization-defined value minus the maximum screen timeout or less. In this case, with Android 8, the value of the setting must be 5 minutes or less.
On the Samsung Android 8 with Knox device, do the following:
1. Unlock the device.
2. Refrain from performing any activity on the device for 15 minutes.
3. Verify the device requires the user to enter the device unlock password to access the device.
If the MDM console "Maximum Time to Lock" is not set to 5 minutes or less for the lock timeout or on the Samsung Android 8 with Knox device, if after 15 minutes of inactivity the user does not have to enter a password to unlock the device, this is a finding.
Note: This value defines the amount of time from when the screen turns off until the device locks. Since the maximum screen timeout a user can select on Android 8 is 10 minutes, a 5-minute or less lock time value fulfills this requirement.