Samsung Android Workspace must be configured to set the password history with a length of 0.


Overview

Finding ID: V-93837
Version: KNOX-09-001400
Rule ID: SV-103923r1_rule
IA Controls: (none listed)
Severity: Medium

Description
Password History Length controls the number of most recently used passwords stored in the Password History list. The Password History list does not store the actual value of the previous passwords but instead calculates the hash value of the passwords. When the user attempts to set a new password, the hash value of the password is first calculated and the Password History list is checked to determine if it already contains a matching value, rejecting the password if it does. If the password is accepted, the oldest entry in the Password History list is removed, and the newly calculated password hash is added to the list.

The MDFPP requires that values derived from passwords are destroyed when no longer needed; therefore, the calculated hash values of previous passwords should not be stored in the Password History list. This feature must be configured for a Samsung Android device to be in the NIAP-certified Common Criteria (CC) mode of operation.

SFR ID: FMT_SMF_EXT.1.1 #47

STIG: Samsung Android OS 9 with Knox 3.x COPE Use Case KPE(AE) Deployment Security Technical Implementation Guide
Date: 2020-02-24

Details

Check Text (C-93155r1_chk)
Review the Samsung Android Workspace configuration settings to confirm that the password history is set to a length of "0".

This procedure is performed on the MDM console only.

On the MDM console, for the Workspace, in the "Android password constraints" group, verify that "password history length" is set to "0".

If on the MDM console "password history length" is not set to "0", this is a finding.
Fix Text (F-100083r1_fix)
Configure Samsung Android Workspace to set the password history with a length of "0".

On the MDM console, for the Workspace, in the "Android password constraints" group, set "password history length" to "0".
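
The following added example (not part of the STIG and not Samsung or Android code) models the Password History list as the Description outlines it, showing which password-derived values stay stored at a non-zero length and that none are stored at the required length of 0. The class and function names, the per-list salt, and the PBKDF2 hash are assumptions; the page says only that a hash value is calculated.

```python
import hashlib
import hmac
import os
from collections import deque


class PasswordHistory:
    """Hypothetical model of the Password History list from the Description."""

    def __init__(self, length):
        self.length = length        # the "password history length" setting
        self.salt = os.urandom(16)  # assumption: one random salt per list
        self.entries = deque()      # stored hashes, oldest first

    def _digest(self, password):
        # Assumption: PBKDF2-HMAC-SHA256 stands in for the unspecified hash.
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self.salt, 10_000)

    def try_set(self, password):
        """Return True if the new password is accepted, False if it is a reuse."""
        digest = self._digest(password)
        if any(hmac.compare_digest(digest, old) for old in self.entries):
            return False            # matching hash already in the list
        if self.length > 0:
            if len(self.entries) >= self.length:
                self.entries.popleft()   # oldest entry is removed
            self.entries.append(digest)  # new hash is added
        # With length 0 the digest is never stored.
        return True

    def stored_values(self):
        """Number of password-derived values currently kept in the list."""
        return len(self.entries)


def simulate(length, passwords):
    """Apply a sequence of password changes; return (decisions, stored count)."""
    history = PasswordHistory(length)
    decisions = [history.try_set(p) for p in passwords]
    return decisions, history.stored_values()


# Constructed sample input: one user's successive password changes.
SAMPLE_CHANGES = ["Alpha-1!", "Bravo-2!", "Alpha-1!", "Charlie-3!", "Alpha-1!"]

if __name__ == "__main__":
    for length in (2, 0):
        decisions, stored = simulate(length, SAMPLE_CHANGES)
        print(f"history length {length}: accepted={decisions} stored hashes={stored}")
```

At length 0 no reuse check can succeed because nothing is retained, which is the trade-off this setting makes to satisfy the MDFPP requirement quoted in the Description.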