Check: GOOG-13-802800
Google Android 13 MDFPP 3.3 BYOAD STIG:
GOOG-13-802800
(in version v1 r1)
Title
The mobile device used for BYOAD must be NIAP validated. (Cat I impact)
Discussion
Nonapproved mobile devices may not include sufficient controls to protect work data, applications, and networks from malware or adversary attack. Components must only approve devices listed on the NIAP product compliant list or products listed in evaluation at the following links respectfully: - https://www.niap-ccevs.org/Product/ - https://www.niap-ccevs.org/Product/PINE.cfm Reference: DOD policy "Use of Non-Government Mobile Devices" (3.b.(1)i). SFR ID: FMT_SMF_EXT.1.1 #47
Check Content
Verify the mobile device used for BYOAD is NIAP validated (included on the NIAP list of compliant products or products in evaluation). If the mobile device used for BYOAD is not NIAP validated (included on the NIAP list of compliant products or products in evaluation), this is a finding.
Fix Text
Use only mobile devices for BYOAD that are NIAP validated (included on the NIAP list of compliant products or products in evaluation).
Additional Identifiers
Rule ID: SV-258474r929238_rule
Vulnerability ID: V-258474
Group Title: PP-BYO-000200
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000366 |
The organization implements the security configuration settings. |
Controls
Number | Title |
---|---|
CM-6 |
Configuration Settings |