Check: KNOX-09-001405
Samsung Android OS 9 with Knox 3.x COPE Use Case KPE(Legacy) Deployment STIG: KNOX-09-001405 (in versions v1 r5 through v1 r1)
Title
Samsung Android Workspace must be configured to set the password history with a length of 0. (Cat II impact)
Discussion
Password History Length controls the number of most recently used passwords stored in the Password History list. The Password History list does not store the actual value of the previous passwords but instead calculates the hash value of the passwords. When the user attempts to set a new password, the hash value of the password is first calculated and the Password History list is checked to determine if it already contains a matching value, rejecting the password if it does. If the password is accepted, the oldest entry in the Password History list is removed, and the newly calculated password hash is added to the list. The MDFPP requires that values derived from passwords are destroyed when no longer needed; therefore, the calculated hash values of previous passwords should not be stored in the Password History list. This feature must be configured for a Samsung Android device to be in the NIAP-certified Common Criteria (CC) mode of operation. SFR ID: FMT_SMF_EXT.1.1 #47
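The list behaviour described above, as an added Python model that is not Samsung or Knox code: it replays one password sequence under a history length of 3 and under the required 0, and reports which changes are accepted and how many password-derived values remain stored. PBKDF2-HMAC-SHA256, the per-entry salt, the sample passwords and all class and function names are assumptions; the STIG does not name the hash used on the device.

```python
import hashlib
import hmac
import os
from collections import deque

PBKDF2_ROUNDS = 100_000  # assumed work factor; the STIG names no algorithm
SAMPLE = ["alpha-1", "bravo-2", "alpha-1", "charlie-3", "delta-4", "alpha-1"]  # constructed


class PasswordHistory:
    """Model of the Password History list described in the Discussion."""

    def __init__(self, length):
        # deque(maxlen=n) drops the oldest entry on append; maxlen=0 keeps nothing.
        self.entries = deque(maxlen=length)

    @staticmethod
    def _derive(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)

    def is_reused(self, password):
        # Check every stored (salt, hash) pair, comparing in constant time.
        reused = False
        for salt, digest in self.entries:
            if hmac.compare_digest(self._derive(password, salt), digest):
                reused = True
        return reused

    def set_password(self, password):
        """Return True if accepted; a rejected password leaves the list unchanged."""
        if self.is_reused(password):
            return False
        salt = os.urandom(16)
        self.entries.append((salt, self._derive(password, salt)))
        return True


def compare_policies(passwords, lengths=(3, 0)):
    """Replay one password sequence under each history length."""
    report = {}
    for length in lengths:
        history = PasswordHistory(length)
        accepted = [history.set_password(p) for p in passwords]
        report[length] = (accepted, len(history.entries))  # values left at rest
    return report


if __name__ == "__main__":
    print(compare_policies(SAMPLE))
```

With length 3 the model holds three salted hashes at rest after the sequence; with length 0 it holds none, which is the state the MDFPP requirement calls for.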
Check Content
Review the Samsung Android Workspace configuration settings to confirm that the password history is set to a length of "0". This procedure is performed on the MDM console only. On the MDM console, for the Workspace, in the "Knox password constraints" group, verify that "password history length" is set to "0". If on the MDM console "password history length" is not set to "0", this is a finding.
Fix Text
Configure Samsung Android Workspace to set the password history with a length of "0". On the MDM console, for the Workspace, in the "Knox password constraints" group, set "password history length" to "0".
Additional Identifiers
Rule ID: SV-217837r388482_rule
Vulnerability ID: V-217837
Group Title: PP-MDF-991000
CCIs
Number | Definition |
---|---|
CCI-000366 | The organization implements the security configuration settings. |
Controls
Number | Title |
---|---|
CM-6 | Configuration Settings |