Samsung Android must be configured to not enable Microsoft Exchange ActiveSync (EAS) password recovery. This requirement is not applicable if not using Microsoft EAS.
Password Recovery is a feature of Microsoft EAS. Exceeding the Password Attempts limit triggers the Lock screen to open a Password Recovery Mode.
This feature must be disabled for a Samsung Android device to be in the NIAP-certified Common Criteria (CC) mode of operation.
If Microsoft EAS password recovery is enabled, the Samsung device will be out of compliance with the CC Mode configuration. This requirement is configured on the Exchange server. It is the responsibility of the DoD mobile service provider to ensure the Exchange server has been configured in compliance with the requirement.
The requirement is only applicable if using Microsoft Exchange ActiveSync in the device (personal side).
SFR ID: FMT_SMF_EXT.1.1 #47