
Samsung Android must be configured to enforce that Secure Startup is enabled. This requirement is Not Applicable (NA) to Galaxy S10 (or newer) devices.


Overview

Finding ID: V-93637
Version: KNOX-09-001425
Rule ID: SV-103723r1_rule
IA Controls:
Severity: Medium
Description
Secure Startup protects the Samsung Android device by requiring the user password to be entered before the device starts up. When Secure Startup is enabled, the default cryptographic keys are replaced with keys derived from the user password. This feature must be enabled for a Samsung Android device to be in the NIAP-certified Common Criteria (CC) mode of operation.

SFR ID: FMT_SMF_EXT.1.1 #47
STIG Date
Samsung Android OS 9 with Knox 3.x COBO Use Case KPE(Legacy) Deployment Security Technical Implementation Guide 2020-06-09

Details

Check Text (C-92955r1_chk)
Review device configuration settings to confirm that Secure Startup is enabled.

This procedure is performed only on Samsung Android devices prior to Galaxy S10.

This setting cannot be managed by the MDM administrator and is a User-Based Enforcement (UBE) requirement.

On the Samsung Android device, do the following:
1. Open Settings.
2. Tap "Biometrics and security".
3. Tap "Other security settings".
4. Tap "Secure startup".
5. Verify that "Require password when device powers on" is already selected and "Do not require" is not selected.

If on the Samsung Android device "Do not require" is selected, this is a finding.
Fix Text (F-99883r1_fix)
Configure Samsung Android to enable Secure Startup.

This guidance is only applicable to devices prior to Galaxy S10.

On the Samsung Android device, do the following:
1. Open Settings.
2. Tap "Biometrics and security".
3. Tap "Other security settings".
4. Tap "Secure startup".
5. Tap the option "Require password when device powers on".
6. Tap "Apply".
7. Enter the current password.