AirWatch - DISA Google Android 14 COBO v2r1

Audit Details

Name: AirWatch - DISA Google Android 14 COBO v2r1

Updated: 8/28/2024

Authority: DISA STIG

Plugin: MDM

Revision: 1.0

Estimated Item Count: 31

File Details

Filename: DISA_STIG_Google_Android_14_COBO_v2r1-AirWatch.audit

Size: 69.4 kB

MD5: 2bf9dd5bd16554b49af104c69a4a0a91
SHA256: bd0a721cbc384590efb13e83a2e7d493b9609a81228cc69522286f93b56545f4

Audit Items

DescriptionCategories
GOOG-14-002800 - Google Android 14 must be configured to enable audit logging.

AUDIT AND ACCOUNTABILITY

GOOG-14-006000 - Google Android 14 must be configured to enforce a minimum password length of six characters.

IDENTIFICATION AND AUTHENTICATION

GOOG-14-006100 - Google Android 14 must be configured to not allow passwords that include more than four repeating or sequential characters - Characters

IDENTIFICATION AND AUTHENTICATION

GOOG-14-006100 - Google Android 14 must be configured to not allow passwords that include more than four repeating or sequential characters - Numbers

IDENTIFICATION AND AUTHENTICATION

GOOG-14-006300 - Google Android 14 must be configured to lock the display after 15 minutes (or less) of inactivity - or less of inactivity.

ACCESS CONTROL

GOOG-14-006400 - Google Android 14 must be configured to not allow more than 10 consecutive failed authentication attempts.

ACCESS CONTROL

GOOG-14-006500 - Google Android 14 must be configured to enforce an application installation policy by specifying one or more authorized application repositories, including [selection: DOD-approved commercial app repository, MDM server, mobile application store].

CONFIGURATION MANAGEMENT

GOOG-14-006600 - Google Android 14 must be configured to enforce an application installation policy by specifying an application allowlist that restricts applications by the following characteristics: [selection: list of digital signatures, cryptographic hash values, names, application version].

CONFIGURATION MANAGEMENT

GOOG-14-006700 - Google Android 14 allowlist must be configured to not include applications with the following characteristics:

CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION

GOOG-14-006800 - Google Android 14 must be configured to not display the following (work profile) notifications when the device is locked:

ACCESS CONTROL

GOOG-14-007200 - Google Android 14 must be configured to disable trust agents - NOTE: This requirement is not applicable (NA) for specific biometric authentication factors included in the product's Common Criteria evaluation.

IDENTIFICATION AND AUTHENTICATION

GOOG-14-007400 - Google Android 14 must be configured to disable developer modes.

CONFIGURATION MANAGEMENT

GOOG-14-007700 - Google Android 14 must be configured to display the DOD advisory warning message at startup or each time the user unlocks the device.

ACCESS CONTROL

GOOG-14-007800 - Google Android 14 must be configured to generate audit records for the following auditable events: Detected integrity violations.

AUDIT AND ACCOUNTABILITY

GOOG-14-008400 - Google Android 14 must be configured to disable USB mass storage mode.

SYSTEM AND COMMUNICATIONS PROTECTION

GOOG-14-008500 - Google Android 14 must be configured to not allow backup of [all applications, configuration data] to locally connected systems.

SYSTEM AND COMMUNICATIONS PROTECTION

GOOG-14-008600 - Google Android 14 must be configured to not allow backup of [all applications, configuration data] to remote systems.

SYSTEM AND COMMUNICATIONS PROTECTION

GOOG-14-009000 - Google Android 14 must be configured to disable multiuser modes.

ACCESS CONTROL, CONFIGURATION MANAGEMENT

GOOG-14-009400 - Google Android 14 must be configured to disable all Bluetooth profiles except for HSP (Headset Profile), HFP (Hands-Free Profile), SPP (Serial Port Profile), A2DP (Advanced Audio Distribution Profile), AVRCP (Audio/Video Remote Control Profile), and PBAP (Phone Book Access Profile) - SPP.

CONFIGURATION MANAGEMENT

GOOG-14-009500 - Google Android 14 must be configured to disable ad hoc wireless client-to-client connection capability.

SYSTEM AND COMMUNICATIONS PROTECTION

GOOG-14-009800 - Google Android 14 users must complete required training.

CONFIGURATION MANAGEMENT

GOOG-14-009900 - Google Android 14 must be configured to enforce that Wi-Fi Sharing is disabled.

CONFIGURATION MANAGEMENT

GOOG-14-010000 - Google Android 14 must have the DOD root and intermediate PKI certificates installed.

CONFIGURATION MANAGEMENT

GOOG-14-010200 - The Google Android 14 work profile must be configured to enforce the system application disable list.

CONFIGURATION MANAGEMENT

GOOG-14-010600 - Google Android 14 must be configured to disallow configuration of date and time.

CONFIGURATION MANAGEMENT

GOOG-14-010800 - Android 14 devices must have the latest available Google Android 14 operating system installed.

CONFIGURATION MANAGEMENT

GOOG-14-010900 - Android 14 devices must be configured to disable the use of third-party keyboards.

CONFIGURATION MANAGEMENT

GOOG-14-011000 - Android 14 devices must be configured to enable Common Criteria Mode (CC Mode) - CC Mode.

CONFIGURATION MANAGEMENT

GOOG-14-012200 - Google Android 14 must be configured to disable all data signaling over [assignment: list of externally accessible hardware ports (for example, USB)] - for example, USB].

ACCESS CONTROL

GOOG-14-012300 - The Google Android 14 must allow only the administrator (EMM) to install/remove DOD root and intermediate PKI certificates - EMM to install/remove DOD root and intermediate PKI certificates.

CONFIGURATION MANAGEMENT

GOOG-14-012400 - Google Android 14 must allow only the administrator (MDM) to perform the following management function: Disable Phone Hub - MDM to perform the following management function: Disable Phone Hub.

SYSTEM AND COMMUNICATIONS PROTECTION