Samsung Knox Android must wipe all protected data from the device after 10 consecutive unsuccessful attempts to unlock the device.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-48297 | KNOX-24-004800 | SV-61169r1_rule | Low |
| Description |
|---|
| Any time an authentication method is exposed to allow for the utilization of an operating system, there is a risk that attempts will be made to obtain unauthorized access. Mobile devices present additional risks related to attempted unauthorized access. If they are lost, stolen, or misplaced, attempts can be made to unlock the device by guessing the password. Once unlocked, an adversary may be able to obtain sensitive data on the device. The odds of guessing the passwords are greatly reduced if the operating system intervenes after a small number of consecutive unsuccessful login attempts occur. Wiping all protected data at that time renders the data permanently inaccessible. SFR ID: FIA_AFL_EXT.1.2 |
| STIG | Date |
|---|---|
| Samsung Android (with Knox 1.x) STIG | 2014-04-22 |
Details
| Check Text ( C-50729r2_chk ) |
|---|
| This validation procedure is performed on both the MDM Administration Console only. Check whether the device lock screen setting is configured on the MDM Administration Console: 1. Ask the MDM administrator to display the "Maximum Failed Attempts" field in the "Android Password Restrictions" rule. 2. Verify the value of the setting is 10 or less. If there is no value configured for the "Maximum Failed Attempts" field, or if it is greater than 10, this is a finding. |
| Fix Text (F-51905r2_fix) |
|---|
| Configure the OS to wipe all protected data from the device after too many consecutive unsuccessful login attempts. On the MDM Administration Console, set the "Maximum Failed Attempts" to 10 in the "Android Password Restrictions" rule. |