Check: GOOG-13-701100
Google Android 13 BYOAD STIG:
GOOG-13-701100
(in version v1 r1)
Title
Google Android 13 must prohibit DOD VPN profiles in the Personal Profile. (Cat III impact)
Discussion
If DOD VPN profiles are configured in the Personal Profile, DOD sensitive data would be at risk of compromise and the DOD network could be at risk of being attacked by malware installed on the device.
SFR ID: FMT_SMF_EXT.1.1 #3
Check Content
Review the list of VPN profiles in the Personal Profile and determine if any VPN profiles are listed. If so, verify the VPN profiles are not configured with a DOD network VPN profile.
This validation procedure is performed on the iOS device only.
On the iPhone and iPad:
1. Open the Settings app.
2. Tap "Network & internet".
3. Tap "VPN" and determine if any VPN profiles exist.
4. If not, the requirement has been met.
5. If there are VPN profiles, open each VPN profile.
6. Verify no DOD network VPN profiles are listed.
If any VPN profiles are installed in the Personal Profile and they have a DOD network VPN profile configured, this is a finding.
Note: This setting cannot be managed by the MDM administrator and is a User-Based Enforcement (UBE) requirement.
Fix Text
Do not configure DOD VPN profiles in the Personal Profile.
Additional Identifiers
Rule ID: SV-258475r929241_rule
Vulnerability ID: V-258475
Group Title: PP-MDF-331090
CCIs
Number | Definition |
---|---|
CCI-000366 | The organization implements the security configuration settings. |
CCI-000370 | The organization employs automated mechanisms to centrally manage configuration settings for organization-defined information system components. |