GOOG-10-009200 - The Google Android 10 Work Profile must be configured to prevent users from adding personal email accounts to the work email app.

Information

If the user is able to add a personal email account (POP3, IMAP, EAS) to the work email app, it could be used to forward sensitive DoD data to unauthorized recipients. Restricting email account addition to the administrator or restricting email account addition to whitelisted accounts mitigates this vulnerability.

SFR ID: FMT_SMF_EXT.1.1 #47

Solution

Configure Google Android 10 Work Profile to prevent users from adding personal email accounts to the work email app.

On the MDM console, for the Work Profile, do the following:
1. Open User restrictions.
2. Set 'Disallow modify accounts' to on.

Refer to the MDM documentation to determine how to provision users' work email accounts for the work email app.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Google_Android_11_Y23M01_STIG.zip

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-6b., CAT|II, CCI|CCI-000366, Rule-ID|SV-237024r639218_rule, STIG-ID|GOOG-10-009200, STIG-Legacy|SV-108073, STIG-Legacy|V-98969, Vuln-ID|V-237024

Plugin: MDM

Control ID: cb296011a146f4fffb2c9f3f953a53bda492cdf33446e03ac928d989b0b67bf9