AirWatch - DISA Google Android 13 BYOD v1r2

Audit Details

Name: AirWatch - DISA Google Android 13 BYOD v1r2

Updated: 6/18/2024

Authority: DISA STIG

Plugin: MDM

Revision: 1.1

Estimated Item Count: 23

File Details

Filename: DISA_STIG_Google_Android_13_BYOD_v1r2-AirWatch.audit

Size: 54.3 kB

MD5: 25149471bf843225d6671354ab77a596
SHA256: 28bd18ddc8defe50b7f24accff68cd7870af85218791a17a010e4e197dab3452

Audit Items

DescriptionCategories
GOOG-13-701100 - Google Android 13 must prohibit DOD VPN profiles in the Personal Profile.

CONFIGURATION MANAGEMENT

GOOG-13-706000 - Google Android 13 must be configured to enforce a minimum password length of six characters and not allow passwords that include more than four repeating or sequential characters.

IDENTIFICATION AND AUTHENTICATION

GOOG-13-706200 - Google Android 13 must be configured to enable a screen-lock policy that will lock the display after a period of inactivity.

ACCESS CONTROL

GOOG-13-706300 - Google Android 13 must be configured to lock the display after 15 minutes (or less) of inactivity - or less of inactivity.

ACCESS CONTROL

GOOG-13-706400 - Google Android 13 must be configured to not allow more than 10 consecutive failed authentication attempts.

ACCESS CONTROL

GOOG-13-706500 - Google Android 13 must be configured to enforce an application installation policy by specifying one or more authorized application repositories.

CONFIGURATION MANAGEMENT

GOOG-13-706600 - Google Android 13 must be configured to enforce an application installation policy by specifying an application allowlist that restricts applications by the following characteristics: [selection: list of digital signatures, cryptographic hash values, names, application version].

CONFIGURATION MANAGEMENT

GOOG-13-706700 - Google Android 13 allowlist must be configured to not include applications with the following characteristics (work profile only):

CONFIGURATION MANAGEMENT

GOOG-13-706800 - Google Android 13 must be configured to not display the following (work profile) notifications when the device is locked:

ACCESS CONTROL

GOOG-13-707200 - Google Android 13 must be configured to disable trust agents - NOTE: This requirement is not applicable (NA) for specific biometric authentication factors included in the product's Common Criteria evaluation.

IDENTIFICATION AND AUTHENTICATION

GOOG-13-707700 - Google Android 13 must be configured to display the DOD advisory warning message at startup or each time the user unlocks the Work Profile.

ACCESS CONTROL

GOOG-13-708600 - Google Android 13 must be configured to not allow backup of all work profile applications to remote systems.

SYSTEM AND COMMUNICATIONS PROTECTION

GOOG-13-708900 - Google Android 13 must be configured to disable exceptions to the access control policy that prevent [selection: application processes, groups of application processes] from accessing [selection: all, private] data stored by other [selection: application processes, groups of application processes].

ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION

GOOG-13-709800 - Google Android 13 users must complete required training.

CONFIGURATION MANAGEMENT

GOOG-13-710000 - Google Android 13 must have the DOD root and intermediate PKI certificates installed (work profile only).

CONFIGURATION MANAGEMENT

GOOG-13-710100 - The Google Android 13 work profile must be configured to prevent users from adding personal email accounts to the work email app.

CONFIGURATION MANAGEMENT

GOOG-13-710200 - The Google Android 13 work profile must be configured to enforce the system application disable list (work profile only).

CONFIGURATION MANAGEMENT

GOOG-13-710300 - Google Android 13 must be provisioned as a BYOAD device (Android work profile for employee-owned devices [BYOD]).

CONFIGURATION MANAGEMENT

GOOG-13-710400 - The Google Android 13 work profile must be configured to disable automatic completion of workspace internet browser text input.

CONFIGURATION MANAGEMENT

GOOG-13-710500 - The Google Android 13 work profile must be configured to disable the autofill services.

CONFIGURATION MANAGEMENT

GOOG-13-710800 - Android 13 devices must have the latest available Google Android 13 operating system installed.

CONFIGURATION MANAGEMENT

GOOG-13-710900 - Android 13 devices must be configured to disable the use of third-party keyboards (work profile only).

CONFIGURATION MANAGEMENT

GOOG-13-712300 - The Google Android 13 must allow only the administrator (EMM) to install/remove DOD root and intermediate PKI certificates (work profile) - EMM to install/remove DOD root and intermediate PKI certificates.

CONFIGURATION MANAGEMENT