Check: KNOX-09-000500
Samsung OS 9 with Knox 3.x COBO Use Case KPE(AE) Deployment STIG:
KNOX-09-000500
(in versions v1 r4 through v1 r1)
Title
Samsung Android must be configured to disable Face Recognition. Note: This requirement is not applicable (NA) for specific biometric authentication factors included in the product's Common Criteria evaluation. (Cat II impact)
Discussion
The Face Recognition feature allows a user's face to be registered and used to unlock the device. This technology would allow unauthorized users to have access to DoD sensitive data if compromised. By not permitting the use of non-password authentication mechanisms, users are forced to use passcodes that meet DoD passcode requirements.

SFR ID: FMT_SMF_EXT.1.1 #23, FIA_UAU.5.1
Check Content
Review device configuration settings to confirm that Face Recognition is disabled. This procedure is performed on both the MDM Administration console and the Samsung Android device.

On the MDM console, for the device, in the "Android lock restrictions" group, verify that "disable face" is selected.

On the Samsung Android device, do the following:
1. Open Settings.
2. Tap "Lock screen".
3. Tap "Screen lock type".
4. Enter current password.
5. Verify that "Face" is disabled and cannot be enabled.

If on the MDM console "disable face" is not selected, or on the Samsung Android device "Face" can be enabled, this is a finding.
Fix Text
Configure Samsung Android to disable Face Recognition. On the MDM console, for the device, in the "Android lock screen restriction" group, select "disable face".
Additional Identifiers
Rule ID: SV-217674r617455_rule
Vulnerability ID: V-217674
Group Title: PP-MDF-301150
CCIs
Number | Definition |
---|---|
CCI-000366 | The organization implements the security configuration settings. |
CCI-000370 | The organization employs automated mechanisms to centrally manage configuration settings for organization-defined information system components. |
CCI-000381 | The organization configures the information system to provide only essential capabilities. |