GOOG-09-009200 - The Google Android Pie Work Profile must be configured to prevent users from adding personal email accounts to the work email app.

Information

If the user is able to add a personal email account (POP3, IMAP, EAS) to the work email app, it could be used to forward sensitive DoD data to unauthorized recipients. Restricting email account addition to the administrator or restricting email account addition to whitelisted accounts mitigates this vulnerability.

SFR ID: FMT_SMF_EXT.1.1 #47

Solution

Configure Google Android Pie Work Profile to prevent users from adding personal email accounts to the work email app.

On the MDM console, for the Work Profile, do the following:
1. Open the User restrictions setting.
2. Set 'Disallow modify accounts' to on.

Refer to the MDM documentation to determine how to provision users' work email accounts for the work email app.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Google_Android_9-x_V2R1_STIG.zip

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-6b., CAT|II, CCI|CCI-000366, Rule-ID|SV-228302r494975_rule, STIG-ID|GOOG-09-009200, STIG-Legacy|SV-106457, STIG-Legacy|V-97353, Vuln-ID|V-228302

Plugin: MDM

Control ID: 45d31fe6f1765c459fa133c853441631a09e23179f5c0991b5d59fc3f6c90010