Samsung Knox Android must wipe all protected data from the device after 10 consecutive unsuccessful attempts to unlock the device.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-48297	KNOX-24-004800	SV-61169r1_rule		Low

Description
Any time an authentication method is exposed to allow for the utilization of an operating system, there is a risk that attempts will be made to obtain unauthorized access. Mobile devices present additional risks related to attempted unauthorized access. If they are lost, stolen, or misplaced, attempts can be made to unlock the device by guessing the password. Once unlocked, an adversary may be able to obtain sensitive data on the device. The odds of guessing the passwords are greatly reduced if the operating system intervenes after a small number of consecutive unsuccessful login attempts occur. Wiping all protected data at that time renders the data permanently inaccessible. SFR ID: FIA_AFL_EXT.1.2

Description

Any time an authentication method is exposed to allow for the utilization of an operating system, there is a risk that attempts will be made to obtain unauthorized access. Mobile devices present additional risks related to attempted unauthorized access. If they are lost, stolen, or misplaced, attempts can be made to unlock the device by guessing the password. Once unlocked, an adversary may be able to obtain sensitive data on the device. The odds of guessing the passwords are greatly reduced if the operating system intervenes after a small number of consecutive unsuccessful login attempts occur. Wiping all protected data at that time renders the data permanently inaccessible. SFR ID: FIA_AFL_EXT.1.2

STIG	Date
Samsung Android (with Knox 1.x) STIG	2014-04-22

Details

Check Text ( C-50729r2_chk )
This validation procedure is performed on both the MDM Administration Console only. Check whether the device lock screen setting is configured on the MDM Administration Console: 1. Ask the MDM administrator to display the "Maximum Failed Attempts" field in the "Android Password Restrictions" rule. 2. Verify the value of the setting is 10 or less. If there is no value configured for the "Maximum Failed Attempts" field, or if it is greater than 10, this is a finding.

Check Text ( C-50729r2_chk )

This validation procedure is performed on both the MDM Administration Console only.

Check whether the device lock screen setting is configured on the MDM Administration Console:
1. Ask the MDM administrator to display the "Maximum Failed Attempts" field in the "Android Password Restrictions" rule.
2. Verify the value of the setting is 10 or less.

If there is no value configured for the "Maximum Failed Attempts" field, or if it is greater than 10, this is a finding.

Fix Text (F-51905r2_fix)
Configure the OS to wipe all protected data from the device after too many consecutive unsuccessful login attempts. On the MDM Administration Console, set the "Maximum Failed Attempts" to 10 in the "Android Password Restrictions" rule.