Check: GOOG-13-802300
Google Android 13 MDFPP 3.3 BYOAD STIG:
GOOG-13-802300
(in version v1 r1)
Title
The Google Android 13 BYOAD must be configured to disable device cameras and/or microphones when brought into DOD facilities where mobile phone cameras and/or microphones are prohibited. (Cat II impact)
Discussion
In some DOD operational environments, the use of the mobile device camera or microphone could lead to a security incident or compromise of DOD information. The System Administrator must have the capability to disable the mobile device camera and/or microphone based on mission needs. Alternatively, mobile devices with cameras or microphones that cannot be disabled must be prohibited from the facility by the ISSO/ISSM. If BYOAD devices are brought into facilities where the AO has determined the risk of using mobile device cameras or microphones is unacceptable, this could lead to the exposure of sensitive DOD data. SFR ID: FMT_SMF_EXT.1.1 #47
Check Content
Verify Google Android 13 BYOADs are prohibited in DOD facilities that prohibit mobile devices with cameras and microphones. If for DOD sites that prohibit mobile devices with cameras and microphones, Google Android 13 BYOADs have not been prohibited from the facility by the ISSO/ISSM, this is a finding.
Fix Text
Do not allow Google Android 13 BYOADs in DOD facilities where mobile phone cameras and/or microphones are prohibited.
Additional Identifiers
Rule ID: SV-258473r929235_rule
Vulnerability ID: V-258473
Group Title: PP-BYO-000230
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000382 |
The organization configures the information system to prohibit or restrict the use of organization-defined functions, ports, protocols, and/or services. |
Controls
Number | Title |
---|---|
CM-7 |
Least Functionality |