KNOX-07-003300 - The Samsung must be configured to disable authentication mechanisms providing user access to protected data - Trust Agents

Information

Trust Agents allows a user to unlock a mobile device without entering a passcode when the mobile device is, for example, connected to a user selected Bluetooth device or in a user selected location. This technology would allow unauthorized users to have access to DoD sensitive data if compromised. By not permitting the use of non-password authentication mechanisms, users are forced to use passcodes that meet DoD passcode requirements.

SFR ID: FMT_SMF_EXT.1.1 #23, FIA_UAU.5.1

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

Configure the Samsung Android 7 with Knox to disable authentication mechanisms providing user access to protected data other than a Password Authentication Factor.

Configure the Samsung Android 7 with Knox to disable Trust Agents.

On the MDM console, select the "Disable Keyguard Trust Agents" setting in the "Android Password Restrictions" rule.

Note: Disabling Trust Agents will disable Smart Lock.

See Also

https://iasecontent.disa.mil/stigs/zip/U_Samsung_Android_OS_7_with_Knox_2-x_V1R1_STIG.zip

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-6(1), 800-53|CM-6b., 800-53|CM-7a., CAT|II, CCI|CCI-000366, CCI|CCI-000370, CCI|CCI-000381, Rule-ID|SV-91243r1_rule, STIG-ID|KNOX-07-003300, Vuln-ID|V-76547

Plugin: MDM

Control ID: 64e51c6b3ea696a976d52bdff0867fe184884079462c4af1d0502ebec6dae713