Check: GOOG-09-009600
Google Android 9.x STIG:
GOOG-09-009600
(in versions v2 r1 through v1 r1)
Title
Google Android Pie must be provisioned as a fully managed device and configured to create a work profile. (Cat II impact)
Discussion
The Android Enterprise Work Profile is the designated application group for the COPE use case. SFR ID: FMT_SMF_EXT.1.1 #47
Check Content
Review that Google Android Pie is configured as Corporate Owned Work Managed. This procedure is performed on both the MDM Administrator console and the Google Android Pie device. On the MDM console, verify that the default enrollment is set to Corporate Owned Work Managed. On the Google Android Pie device, do the following: 1. Go to the application drawer. 2. Ensure that you see a Personal and a Work Tab. If on the MDM console the account the default enrollment is set to Corporate Owned Work Managed or on the Google Android Pie device the user does not see a Work tab, this is a finding.
Fix Text
Configure Google Android Pie in a Corporate Owned Work Managed configuration. On the MDM console, configure the default enrollment as Corporate Owned Work Managed. Refer to the MDM documentation to determine how to configure the device to enroll as Corporate Owned Work Managed.
Additional Identifiers
Rule ID: SV-106461r1_rule
Vulnerability ID: V-97357
Group Title: PP-MDF-991000
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000366 |
The organization implements the security configuration settings. |
Controls
Number | Title |
---|---|
CM-6 |
Configuration Settings |