UCF STIG Viewer Logo

Samsung Android must be configured to not enable Microsoft Exchange ActiveSync (EAS) password recovery. This requirement is not applicable if not using Microsoft EAS.


Overview

Finding ID Version Rule ID IA Controls Severity
V-92927 KNOX-09-001370 SV-103015r1_rule Medium
Description
Password Recovery is a feature of Microsoft EAS. Exceeding the Password Attempts limit triggers the Lock screen to open a Password Recovery Mode. This feature must be disabled for a Samsung Android device to be in the NIAP-certified Common Criteria (CC) mode of operation. If Microsoft EAS password recovery is enabled, the Samsung device will be out of compliance with the CC Mode configuration. This requirement is configured on the Exchange server. It is the responsibility of the DoD mobile service provider to ensure that the Exchange server has been configured in compliance with the requirement. The requirement is only applicable if using Microsoft Exchange ActiveSync in the device (personal side). SFR ID: FMT_SMF_EXT.1.1 #47
STIG Date
Samsung OS 9 with Knox 3.x COBO Use Case KPE(AE) Deployment Security Technical Implementation Guide 2020-02-24

Details

Check Text ( C-92237r1_chk )
Verify that the Microsoft EAS password recovery has been disabled on the Exchange server.

If on the Microsoft EAS server "password recovery" is not disabled, this is a finding.
Fix Text (F-99173r1_fix)
Configure Samsung Android to not enable Microsoft EAS password recovery.

The DoD mobile service provider should verify that the Exchange server is configured to disable Microsoft EAS password recovery.