Detections
Analytics
KNOX-07-003300 - The Samsung must be configured to disable authentication mechanisms providing user access to protected data - Password
Information
Trust Agents allows a user to unlock a mobile device without entering a passcode when the mobile device is, for example, connected to a user selected Bluetooth device or in a user selected location. This technology would allow unauthorized users to have access to DoD sensitive data if compromised. By not permitting the use of non-password authentication mechanisms, users are forced to use passcodes that meet DoD passcode requirements.SFR ID: FMT_SMF_EXT.1.1 #23, FIA_UAU.5.1
Solution
Configure the Samsung Android 7 with Knox to disable authentication mechanisms providing user access to protected data other than a Password Authentication Factor.Configure the Samsung Android 7 with Knox to disable Trust Agents.
On the MDM console, select the "Disable Keyguard Trust Agents" setting in the "Android Password Restrictions" rule.
Note: Disabling Trust Agents will disable Smart Lock.
See Also
https://iasecontent.disa.mil/stigs/zip/U_Samsung_Android_OS_7_with_Knox_2-x_V1R1_STIG.zip
Item Details
Category: CONFIGURATION MANAGEMENT
References: 800-53|CM-6(1), 800-53|CM-6b., 800-53|CM-7a., CAT|II, CCI|CCI-000366, CCI|CCI-000370, CCI|CCI-000381, Rule-ID|SV-91243r1_rule, STIG-ID|KNOX-07-003300, Vuln-ID|V-76547
Plugin: MDM
Control ID: 64e51c6b3ea696a976d52bdff0867fe184884079462c4af1d0502ebec6dae713