Check: GOOG-13-800900
Google Android 13 MDFPP 3.3 BYOAD STIG:
GOOG-13-800900
(in version v1 r1)
Title
The Google Android 13 BYOAD must be configured to either disable access to DOD data and IT systems and user accounts or wipe the work profile if the EMM system detects the Google Android 13 BYOAD device has known malicious, blocked, or prohibited applications, or configured to access nonapproved third-party applications stores in the work profile. (Cat II impact)
Discussion
When a BYOAD is out of compliance, DOD data and apps must be removed to protect against compromise of sensitive DOD information. Reference: DOD policy "Use of Non-Government Mobile Devices" (3.a.(3)iii). SFR ID: FMT_SMF_EXT.1.1 #47
Check Content
Verify the EMM system has been configured to either disable access to DOD data and IT systems and user accounts or the work profile if it has detected the Google Android 13 BYOAD device has known malicious, blocked, or prohibited managed applications, or configured to access nonapproved third-party applications stores for managed apps. The exact procedure will depend on the EMM system used at the site. If the EMM system has not been configured to either disable access to DOD data and IT systems and user accounts or wipe the work profile if it has detected the Google Android 13 BYOAD device has known malicious, blocked, or prohibited managed applications, or configured to access nonapproved third-party applications stores for managed apps, this is a finding.
Fix Text
Configure the EMM system to either disable access to DOD data and IT systems and user accounts or wipe the work profile if it has detected the Google Android 13 BYOAD device has known malicious, blocked, or prohibited managed applications, or configured to access nonapproved third-party applications stores for managed apps. The exact procedure will depend on the EMM system used at the site.
Additional Identifiers
Rule ID: SV-258467r929217_rule
Vulnerability ID: V-258467
Group Title: PP-BYO-000090
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000366 |
The organization implements the security configuration settings. |
Controls
Number | Title |
---|---|
CM-6 |
Configuration Settings |