UCF STIG Viewer Logo

Samsung Knox Android must allow only the administrator/MDM to enforce a minimum password complexity.


Overview

Finding ID Version Rule ID IA Controls Severity
V-48301 KNOX-24-007100 SV-61173r1_rule Low
Description
Users must not be able to override the system policy on minimum password complexity because this could allow them to set passwords that are easily guessable or crackable. Only administrators and the MDM software should have the authority to set minimum password complexity policies. SFR ID: FMT_MOF.1.1(2) #01
STIG Date
Samsung Android (with Knox 1.x) STIG 2014-04-22

Details

Check Text ( C-50733r4_chk )
Note: This validation procedure is identical to the one for KNOX-25-013600. It only needs to be performed once. If it is found compliant on the first check, it is also compliant here. If it is determined to be a finding on the first check, it is also a finding here. Redundant checks are necessary to maintain requirements traceability and provide complete risk management information to the DAAs.

This validation procedure is performed on the Samsung Knox Android device only.

On the Samsung Knox Android device:
1. Open the application list.
2. Verify the presence of an MDM agent.
Note: Verification on the MDM agent is MDM vendor specific.

For example, on the Fixmo MDM agent, open the MDM agent, press the Menu button and select "Details".
1. Verify Profile ID is not "NULL".
2. Press the Menu button.
3. Select "Poll Server".
4. Verify no errors are generated in the messages list.

On the AirWatch MDM agent:
1. Open the MDM agent.
2. Select "Device Status".
3. Verify "Enrollment Status" is enrolled.

If the MDM agent is not present on the Samsung Knox Android device, or if the MDM vendor specific checks do not show the proper value, this is a finding.
Fix Text (F-51909r2_fix)
Implement the MDM to centrally manage configuration settings.