An error occurred:

Check: LGA6-99-100007

LG Android 6-x STIG: LGA6-99-100007 (in versions v1 r2 through v1 r1)

Title

LG Android 6.x must implement the management setting: Disable Removal of device administrator rights. (Cat II impact)

Discussion

Security-related parameters are those parameters impacting the security state of the system and include parameters related to the implementation of other IA controls. If these controls are not implemented, the system may be vulnerable to a variety of attacks. The use of an MDM allows an organization to assign values to security-related parameters across all the devices it manages. This provides assurance that the required mobile OS security controls are being enforced and that the device user or an adversary has not modified or disabled the controls. It also greatly increases efficiency and manageability of devices in a large-scale environment relative to an environment in which each device must be configured separately. For these reasons, a user must not be allowed to remove the MDM from the device. SFR ID: FMT_SMF_EXT.1.1 #45

Check Content

This validation procedure is performed on both the MDM Administration Console and the LG Android device. On the MDM console, do the following: 1. Ask the MDM administrator to display the "Allow Removal of device administrator rights" settings in the "Android Restrictions" rule. 2. Verify the value is disabled. 3. Verify the policy has been assigned to all groups. On the LG Android device: 1. Navigate to Settings >> General >> Security (or Fingerprint and security). 2. Select "Phone administrators". 3. Verify the enterprise MDM agent is on and cannot be turned off (grayed out). (Note: Name of agent app will depend on the MDM vendor used.) If on the MDM console the "Allow Removal of device administrator rights" setting is enabled or on the LG Android device the MDM agent can be disabled, this is a finding.

Fix Text

Configure the mobile operating system to disable Removal of device administrator rights. On the MDM Administration Console, disable "Removal of device administrator rights".

Additional Identifiers

Rule ID: SV-81371r2_rule

Vulnerability ID: V-66881

Group Title:

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.
Number Definition
CCI-000366

The organization implements the security configuration settings.

Controls

Controls tied to check. These are derived from the CCIs shown above.
Number Title
CM-6

Configuration Settings