UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Samsung Android 8 with Knox must implement the management setting: Configure minimum password complexity.


Overview

Finding ID Version Rule ID IA Controls Severity
V-80323 KNOX-08-008800 SV-95027r1_rule Medium
Description
Password strength is a measure of the effectiveness of a password in resisting guessing and brute force attacks. The ability to crack a password is a function of how many attempts an adversary is permitted, how quickly an adversary can do each attempt, and the size of the password space. A minimum level of complexity is needed to ensure a simple password or easily guessed password is not used. SFR ID: FMT_SMF_EXT.1.1 #47
STIG Date
Samsung Android OS 8 with Knox 3.x COPE Use Case Security Technical Implementation Guide 2018-11-30

Details

Check Text ( C-79995r1_chk )
Review Samsung Android 8 with Knox configuration settings to determine if the mobile device has been configured with a minimum password complexity.

This validation procedure is performed on both the MDM Administration Console and the Samsung Android 8 with Knox device.

On the MDM console, do the following:
1. Ask the MDM Administrator to display the "Minimum Password Complexity" setting in the "Android Restrictions" rule.
2. Verify the setting is "Alphanumeric".

On the Samsung Android 8 with Knox device, do the following:
1. Open the device settings.
2. Select "Lock screen and security".
3. Select "Screen lock type".
4. Verify "Swipe", "Pattern", "PIN", and "None" are disabled (grayed out) and cannot be enabled.

If the MDM console "Minimum Password Complexity" is not configured to "Alphanumeric" or on the Samsung Android 8 with Knox device, the user can enable the setting, this is a finding.
Fix Text (F-87129r1_fix)
Configure Samsung Android 8 with Knox to have a minimum password complexity.

On the MDM console, configure "Minimum Password Complexity" to "Alphanumeric" in the "Android Password Restrictions" rule.