Samsung Android must be configured to disable authentication mechanisms providing user access to protected data other than a Password Authentication Factor, including face recognition.
An XCCDF Rule
Description
The biometric factor can be used to authenticate the user in order to unlock the mobile device. Unapproved/evaluated biometric mechanisms could allow unauthorized users to have access to DoD sensitive data if compromised. By not permitting the use of unapproved/evaluated biometric authentication mechanisms, this risk is mitigated.
SFR ID: FMT_SMF_EXT.1.1 #22, FIA_UAU.5.1
- ID: SV-251810r814186_rule
- Version: KNOX-12-110080
- Severity: Medium
Remediation Templates
A Manual Procedure
Configure the Samsung Android devices to disable Face Recognition.
This policy is included to allow a Samsung Android device to be deployed without an activated KPE premium license. If a license is activated, Facial Recognition will be automatically disabled. In this case, this policy does not need to be configured for STIG compliance, because Face will already be disabled as a biometric.
On the management tool, in the device restrictions, set "Face" to "Disable".