Check: KNOX-12-110090
Samsung Android 12 with Knox 3.x COBO STIG:
KNOX-12-110090
(in version v1 r1)
Title
Samsung Android must be configured to disable authentication mechanisms providing user access to protected data other than a Password Authentication Factor, including trust agents. (Cat II impact)
Discussion
Trust agents allow a user to unlock a mobile device without entering a passcode when the mobile device is, for example, connected to a user-selected Bluetooth device or in a user-selected location. This technology would allow unauthorized users to have access to DoD sensitive data if compromised. By not permitting the use of non-password authentication mechanisms, this risk is mitigated - as users are forced to use passcodes that meet DoD passcode requirements SFR ID: FMT_SMF_EXT.1.1 #22, FIA_UAU.5.1
Check Content
Review the configuration to determine if the Samsung Android devices are disabling Trust Agents. This validation procedure is performed on both the management tool and the Samsung Android device. On the management tool, in the device restrictions, verify that "Trust Agents" are set to "Disable". On the Samsung Android device: 1. Open Settings >> Biometrics and security >> Other security settings >> Trust agents. 2. Verify that all listed Trust Agents are disabled and cannot be enabled. If on the management tool "Trust Agents" are not set to "Disable", or on the Samsung Android device a "Trust Agent" can be enabled, this is a finding.
Fix Text
Configure the Samsung Android devices to disable Trust Agents. On the management tool, in the device restrictions, set "Trust Agents" to "Disable".
Additional Identifiers
Rule ID: SV-251811r814189_rule
Vulnerability ID: V-251811
Group Title: PP-MDF-323110
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000767 |
The information system implements multifactor authentication for local access to privileged accounts. |
Controls
Number | Title |
---|---|
IA-2 (3) |
Local Access To Privileged Accounts |