KNOX-07-017600 - The Samsung must be configured to disable authentication mechanisms providing user access. Disable Iris Scanner.

Information

The Iris Scanner allows a user to unlock a mobile device without entering a passcode when a registered user Iris is recognized. This technology would allow unauthorized users to have access to DoD sensitive data if compromised. By not permitting the use of non-password authentication mechanisms, users are forced to use passcodes that meet DoD passcode requirements.

SFR ID: FMT_SMF_EXT.1.1 #23, FIA_UAU.5.1

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

Configure the Samsung Android 7 with Knox to disable authentication mechanisms providing user access to protected data other than a Password Authentication Factor.

Configure the Samsung Android 7 with Knox to disable the Iris Scanner.

On the MDM console, deselect the "Iris" checkbox in the "Android Password Restrictions" rule.

See Also

https://iasecontent.disa.mil/stigs/zip/U_Samsung_Android_OS_7_with_Knox_2-x_V1R1_STIG.zip

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-6(1), 800-53|CM-6b., 800-53|CM-7a., CAT|II, CCI|CCI-000366, CCI|CCI-000370, CCI|CCI-000381, Rule-ID|SV-91307r1_rule, STIG-ID|KNOX-07-017600, Vuln-ID|V-76611

Plugin: MDM

Control ID: 24ad1fa2806131bbaee3d29b422f318d4b9d4fa7e69704ac3b3c79201e047cee