Title

The Google Android Pie must be configured to not allow backup of all applications and configuration data to remote systems. (Cat II impact)

Discussion

Backups to remote systems (including cloud backup) can leave data vulnerable to breach on the external systems, which often offer less protection than the Google Android device. Where the remote backup involves a cloud-based solution, the backup capability is often used to synchronize data across multiple devices. In this case, DoD devices may synchronize DoD sensitive information to a user's personal device or other unauthorized computers that are vulnerable to breach. Disallowing remote backup mitigates this risk. SFR ID: FMT_SMF_EXT.1.1 #40

Check Content

Review Google Android device configuration settings to determine if the capability to back up to a remote system has been disabled. This validation procedure is performed on both the MDM Administration Console and the Android Pie device. On the MDM console, do the following: 1. Open Device Restrictions. 2. Open Restrictions Settings. 3. Ensure "Disallow backup servicer" is not selected. On the Android Pie device, do the following: 1. Go to Settings >> System. 2. Ensure Backup is set to "Off". If the MDM console device policy is not set to disable the capability to back up to a remote system or on the Android Pie device, the device policy is not set to disable the capability to back up to a remote system, this is a finding.

Fix Text

Configure the Google Android device to disable backup to remote systems (including commercial clouds). NOTE: On a Restrictions, data in the work profile cannot be backed up by default. On the MDM console: 1. Open Device Restrictions. 2. Open Restrictions Settings. 3. Ensure "Enable backup service" is not selected.

Additional Identifiers

Rule ID: SV-106439r1_rule

Vulnerability ID: V-97335

Group Title: PP-MDF-301230

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.