Title

Google Android Pie devices must have a NIAP validated Google Android Pie operating system installed. (Cat I impact)

Discussion

Required security features are not available in earlier operating system versions. In addition, there may be known vulnerabilities in earlier versions. SFR ID: FMT_SMF_EXT.1.1 #47

Check Content

Review device configuration settings to confirm that version PQ3A.190605.003.A3is installed (it is the NIAP approved version). Note: This version of Android can only be installed on Pixel 3 devices purchased directly from Google. This procedure is performed on both the MDM console and the Google Android Pie device. In the MDM management console, review the version of Google Android Pie installed on a sample of managed devices. On the Google Android Pie device, to see the installed operating system version: 1. Open Settings. 2. Tap "About phone". 3. Verify "Build number". If the installed version of the Android operating system on any reviewed Samsung devices is not the latest released by the wireless carrier, this is a finding. Google's Android operating system patch website: https://source.android.com/security/bulletin/ If the installed version of the Android Pie operating system is not the NIAP approved version, this is a finding.

Fix Text

Install the latest released version of the Google Android Pie operating system on all managed Google devices. For Google Android Pie, version PQ3A.190605.003.A3 must be installed (it is the NIAP approved version). Note: This version of Android can only be installed on Pixel 3 devices purchased directly from Google. Note: In Google Android devicet cases, operating system updates are released by the wireless carrier (for example, Sprint, T-Mobile, Verizon Wireless, and ATT).

Additional Identifiers

Rule ID: SV-106473r1_rule

Vulnerability ID: V-97369

Group Title: PP-MDF-991000

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.