UCF STIG Viewer Logo

Samsung Android must be configured to enforce that Strong Protection is enabled. This requirement is Not Applicable (NA) for devices older than Galaxy S10.


Overview

Finding ID Version Rule ID IA Controls Severity
V-93641 KNOX-09-001485 SV-103727r1_rule Medium
Description
Strong Protection protects the Samsung Android devices that use File Based Encryption (FBE). When Strong Protection is enabled, the default cryptographic keys used to protect the user's apps and data are replaced with keys derived from the user password. This feature must be enabled for a Samsung Android device to be in the NIAP-certified CC mode of operation. SFR ID: FMT_SMF_EXT.1.1 #47
STIG Date
Samsung Android OS 9 with Knox 3.x COBO Use Case KPE(Legacy) Deployment Security Technical Implementation Guide 2020-06-09

Details

Check Text ( C-92959r1_chk )
Review device configuration settings to confirm that Strong Protection is enabled.

This procedure is performed on the Samsung Android Galaxy S10 (or newer) devices only.

This setting cannot be managed by the MDM administrator and is a User-Based Enforcement (UBE) requirement.

On the Samsung Android device, do the following:
1. Open Settings.
2. Tap "Biometric and security".
3. Tap "Other security settings".
4. Verify "Strong Protection" is enabled.

If on the Samsung Android device, "Strong Protection” is disabled, this is a finding.
Fix Text (F-99887r1_fix)
Configure Samsung Android to enable Strong Protection.

This guidance is only applicable to Galaxy S10 (or newer) devices.

On the Samsung Android device, do the following:
1. Open Settings.
2. Tap "Biometrics and security".
3. Tap "Other security settings".
4. Tap "Strong Protection".
5. Tap to enable.
6. Enter the current password.