Check: GOOG-13-707200
Google Android 13 BYOAD STIG:
GOOG-13-707200
(in versions v1 r2 through v1 r1)
Title
Google Android 13 must be configured to disable trust agents. (Cat II impact)
Discussion
Trust agents allow a user to unlock a mobile device without entering a passcode when the mobile device is, for example, connected to a user-selected Bluetooth device or in a user-selected location. This technology would allow unauthorized users to have access to DOD sensitive data if compromised. By not permitting the use of nonpassword authentication mechanisms, users are forced to use passcodes that meet DOD passcode requirements. SFR ID: FMT_SMF_EXT.1.1 #22, FIA_UAU.5.1
Check Content
Review device configuration settings to confirm that trust agents are disabled at the same location where the DOD password is implemented (device or work profile). This procedure is performed on both the EMM Administration console and the managed Google Android 13 device. On the EMM console: 1. Open "Lock screen restrictions". 2. Select "Personal Profile". 3. Verify that "Disable trust agents" is toggled to "ON". 4. Open "Lock screen restrictions". 5. Select "Work Profile". 6. Verify that "Disable trust agents" is toggled to "ON". On the managed Google Android 13 device: 1. Open Settings. 2. Tap "Security & privacy". 3. Tap "More security settings". 4. Tap "Trust agents". 5. Verify that all listed trust agents are disabled and cannot be enabled. If on the EMM console, "disable trust agents" is not selected, or on the managed Google Android 13 device a trust agent can be enabled, this is a finding.
Fix Text
Configure the Google Android 13 device to disable trust agents at the same location where the DOD password is implemented (device or work profile). On the EMM console: 1. Open "Lock screen restrictions". 2. Select "Personal Profile". 3. Toggle "Disable trust agents" to "ON". 4. Open "Lock screen restrictions". 5. Select "Work Profile". 6. Toggle "Disable trust agents" to "ON".
Additional Identifiers
Rule ID: SV-258484r930570_rule
Vulnerability ID: V-258484
Group Title: PP-MDF-333110
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000767 |
The information system implements multifactor authentication for local access to privileged accounts. |
Controls
Number | Title |
---|---|
IA-2 (3) |
Local Access To Privileged Accounts |