| GOOG-12-002800 - Google Android 12 must be configured to enable audit logging. | AUDIT AND ACCOUNTABILITY |
| GOOG-12-006000 - Google Android 12 must be configured to enforce a minimum password length of six characters. | IDENTIFICATION AND AUTHENTICATION |
| GOOG-12-006100 - Google Android 12 must be configured to not allow passwords that include more than two repeating or sequential characters - Characters | CONFIGURATION MANAGEMENT |
| GOOG-12-006100 - Google Android 12 must be configured to not allow passwords that include more than two repeating or sequential characters - Numbers | CONFIGURATION MANAGEMENT |
| GOOG-12-006200 - Google Android 12 must be configured to enable a screen-lock policy that will lock the display after a period of inactivity. | ACCESS CONTROL |
| GOOG-12-006300 - Google Android 12 must be configured to lock the display after 15 minutes (or less) of inactivity. | ACCESS CONTROL |
| GOOG-12-006400 - Google Android 12 must be configured to not allow more than 10 consecutive failed authentication attempts. | ACCESS CONTROL |
| GOOG-12-006500 - Google Android 12 must be configured to enforce an application installation policy by specifying one or more authorized application repositories, including [selection: DoD-approved commercial app repository, MDM server, mobile application store]. | CONFIGURATION MANAGEMENT |
| GOOG-12-006600 - Google Android 12 must be configured to enforce an application installation policy by specifying an application allowlist that restricts applications by the following characteristics: [selection: list of digital signatures, cryptographic hash values, names, application version]. | CONFIGURATION MANAGEMENT |
| GOOG-12-006700 - Google Android 12 allowlist must be configured to not include applications with the following characteristics: 1. Back up mobile device (MD) data to non-DoD cloud servers (including user and application access to cloud backup services);2. Transmit MD diagnostic data to non-DoD servers;3. Voice assistant application if available when MD is locked;4. Voice dialing application if available when MD is locked;5. Allows synchronization of data or applications between devices associated with user; and6. Allows unencrypted (or encrypted but not FIPS 140-2 validated) data sharing with other MDs or printers. | CONFIGURATION MANAGEMENT |
| GOOG-12-006800 - Google Android 12 must be configured to not display the following (work profile) notifications when the device is locked: | ACCESS CONTROL |
| GOOG-12-007200 - Google Android 12 must be configured to disable trust agents. | IDENTIFICATION AND AUTHENTICATION |
| GOOG-12-007400 - Google Android 12 must be configured to disable developer modes. | CONFIGURATION MANAGEMENT |
| GOOG-12-007700 - Google Android 12 must be configured to display the DoD advisory warning message at startup or each time the user unlocks the device. | ACCESS CONTROL |
| GOOG-12-007800 - Google Android 12 must be configured to generate audit records for the following auditable events: detected integrity violations. | AUDIT AND ACCOUNTABILITY |
| GOOG-12-008400 - Google Android 12 must be configured to disable USB mass storage mode. | SYSTEM AND COMMUNICATIONS PROTECTION |
| GOOG-12-008500 - Google Android 12 must be configured to not allow backup of [all applications, configuration data] to locally connected systems. | SYSTEM AND COMMUNICATIONS PROTECTION |
| GOOG-12-008600 - Google Android 12 must be configured to not allow backup of [all applications, configuration data] to remote systems. | SYSTEM AND COMMUNICATIONS PROTECTION |
| GOOG-12-008900 - Google Android 12 must be configured to disable exceptions to the access control policy that prevent [selection: application processes, groups of application processes] from accessing [selection: all, private] data stored by other [selection: application processes, groups of application processes]. | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| GOOG-12-009000 - Google Android 12 must be configured to disable multiuser modes. | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| GOOG-12-009400 - Google Android 12 must be configured to disable Bluetooth or configured via User Based Enforcement (UBE) to allow Bluetooth for only Headset Profile (HSP), Hands-Free Profile (HFP), and Serial Port Profile (SPP). | CONFIGURATION MANAGEMENT |
| GOOG-12-009500 - Google Android 12 must be configured to disable ad hoc wireless client-to-client connection capability. | SYSTEM AND COMMUNICATIONS PROTECTION |
| GOOG-12-009800 - Google Android 12 users must complete required training. | CONFIGURATION MANAGEMENT |
| GOOG-12-009900 - Google Android 12 must be configured to enforce that Wi-Fi Sharing is disabled. | CONFIGURATION MANAGEMENT |
| GOOG-12-010000 - Google Android 12 must have the DoD root and intermediate PKI certificates installed. | CONFIGURATION MANAGEMENT |
| GOOG-12-010100 - The Google Android 12 Work Profile must be configured to prevent users from adding personal email accounts to the work email app. | CONFIGURATION MANAGEMENT |
| GOOG-12-010200 - Google Android 12 work profile must be configured to enforce the system application disable list. | CONFIGURATION MANAGEMENT |
| GOOG-12-010300 - Google Android 12 must be provisioned as a fully managed device and configured to create a work profile. | CONFIGURATION MANAGEMENT |
| GOOG-12-010400 - Google Android 12 work profile must be configured to disable automatic completion of work space Internet browser text input. | CONFIGURATION MANAGEMENT |
| GOOG-12-010500 - Google Android 12 Work Profile must be configured to disable the autofill services. | CONFIGURATION MANAGEMENT |
| GOOG-12-010600 - Google Android 12 must be configured to disallow configuration of date and time. | CONFIGURATION MANAGEMENT |
| GOOG-12-010800 - Android 12 devices must have the latest available Google Android 12 operating system installed. | CONFIGURATION MANAGEMENT |
| GOOG-12-010900 - Android 12 devices must be configured to disable the use of third-party keyboards. | CONFIGURATION MANAGEMENT |
| GOOG-12-011000 - Android 12 devices must be configured to enable Common Criteria Mode (CC Mode). | CONFIGURATION MANAGEMENT |
| GOOG-12-012100 - Google Android 12 must allow only the administrator (EMM) to install/remove DoD root and intermediate PKI certificates. | CONFIGURATION MANAGEMENT |
| GOOG-12-012200 - Google Android 12 must be configured to disable all data signaling over [assignment: list of externally accessible hardware ports (for example, USB)]. | ACCESS CONTROL |
| GOOG-12-999999 - All Google Android 12 installations must be removed. | CONFIGURATION MANAGEMENT |
