Check: GOOG-09-008800
Google Android 9.x STIG:
GOOG-09-008800
(in versions v2 r1 through v1 r1)
Title
Google Android Pie must be configured to enforce that Wi-Fi Sharing is disabled. (Cat II impact)
Discussion
Wi-Fi Sharing is an optional configuration of Wi-Fi Tethering/Mobile Hotspot, which allows the device to share its Wi-Fi connection with other wirelessly connected devices instead of its mobile (cellular) connection. Wi-Fi Sharing grants the "other" device access to a corporate Wi-Fi network and may possibly bypass the network access control mechanisms. This risk can be partially mitigated by requiring the use of a preshared key for personal hotspots. SFR ID: FMT_SMF_EXT.1.1 #47
Check Content
Review device configuration settings to confirm Wi-Fi Sharing is disabled. Mobile Hotspot must be enabled in order to enable Wi-Fi Sharing. If the Authorizing Official (AO) has not approved Mobile Hotspot, and it has been verified as disabled on the MDM console, no further action is needed. If Mobile Hotspot is being used, use the following procedure to verify Wi-Fi Sharing is disabled: On the MDM console: 1. Open the User restrictions setting. 2. Verify "Disallow config tethering" to on. On the Google Android Pie device, do the following: 1. Open Settings. 2. Tap "Networks & internet". 3. Verify that "Hotspots & tethering" is disabled. If on the Google Android Pie device "Wi-Fi sharing" is enabled, this is a finding.
Fix Text
Configure Google Android Pie to disable Wi-Fi Sharing. Mobile Hotspot must be enabled in order to enable Wi-Fi Sharing. If the AO has not approved Mobile Hotspot, and it has been disabled on the MDM console, no further action is needed. If Mobile Hotspot is being used, use the following procedure to disable Wi-Fi Sharing: On the MDM console: 1. Open the User restrictions setting. 2. Set "Disallow config tethering" to on.
Additional Identifiers
Rule ID: SV-106451r1_rule
Vulnerability ID: V-97347
Group Title: PP-MDF-991000
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000366 |
The organization implements the security configuration settings. |
Controls
Number | Title |
---|---|
CM-6 |
Configuration Settings |