Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-56047 | KNOX-34-012110 | SV-70301r1_rule | Medium |
Description |
---|
The screen lock timeout must be set to a value that helps protect the device from unauthorized access. Having a too-long timeout would increase the window of opportunity for adversaries who gain physical access to the mobile device through loss, theft, etc. Such devices are much more likely to be in an unlocked state when acquired by an adversary, thus granting immediate access to the data on the mobile device. The maximum timeout period of 15 minutes has been selected to balance functionality and security; shorter timeout periods may be appropriate, depending on the risks posed to the mobile device. SFR ID: FMT_SMF.1.1 #02 |
STIG | Date |
---|---|
Samsung Android (with Knox 2.x) STIG | 2015-05-20 |
Check Text ( C-56617r2_chk ) |
---|
This check procedure is performed on both the MDM Administration Console and the Samsung Knox device. Check that the appropriate setting is configured on the MDM Administration Console. 1. Ask the MDM administrator to display the "Max Time to Lock" setting in the "Android Knox Container -> Container Password Restrictions" rule. 2. Verify the value of the setting is the organization-defined value (15 min) or less. On the Samsung Knox for Android device: 1. Open the Knox Container. 2. Refrain from using the Knox Container for 15 min. 3. Verify the selected value is organization-defined value (15 min) or less. If the selected value is larger than 15 min, or if the Knox Container does not lock after 15 min, this is a finding. |
Fix Text (F-60925r1_fix) |
---|
Configure the OS to initiate a session lock after a time period of inactivity. Configure the mobile operating system to lock the device after no more than 15 minutes of inactivity. On the MDM Console, set the "Max Time to Lock" to organization-defined value (15 min) in the "Android Knox Container -> Container Password Restrictions" rule. |