Detections
Analytics
KNOX-07-017600 - The Samsung must be configured to disable authentication mechanisms providing user access. Disable Iris Scanner.
Information
The Iris Scanner allows a user to unlock a mobile device without entering a passcode when a registered user Iris is recognized. This technology would allow unauthorized users to have access to DoD sensitive data if compromised. By not permitting the use of non-password authentication mechanisms, users are forced to use passcodes that meet DoD passcode requirements.SFR ID: FMT_SMF_EXT.1.1 #23, FIA_UAU.5.1
NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.
Solution
Configure the Samsung Android 7 with Knox to disable authentication mechanisms providing user access to protected data other than a Password Authentication Factor.Configure the Samsung Android 7 with Knox to disable the Iris Scanner.
On the MDM console, deselect the "Iris" checkbox in the "Android Password Restrictions" rule.
See Also
https://iasecontent.disa.mil/stigs/zip/U_Samsung_Android_OS_7_with_Knox_2-x_V1R1_STIG.zip
Item Details
Category: CONFIGURATION MANAGEMENT
References: 800-53|CM-6(1), 800-53|CM-6b., 800-53|CM-7a., CAT|II, CCI|CCI-000366, CCI|CCI-000370, CCI|CCI-000381, Rule-ID|SV-91307r1_rule, STIG-ID|KNOX-07-017600, Vuln-ID|V-76611
Plugin: MDM
Control ID: 24ad1fa2806131bbaee3d29b422f318d4b9d4fa7e69704ac3b3c79201e047cee