HONW-09-007150 - The Honeywell Android Pie must wipe all data upon unenrollment from MDM.

Information

When a mobile device is no longer going to be managed by MDM technologies, its protected/sensitive data must be sanitized because it will no longer be protected by the MDM software, so it is at much greater risk of unauthorized access and disclosure. At least one of the two options must be selected.

SFR ID: FMT_SMF_EXT.2.1

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

On the MDM console:
Enable 'Disallow remove managed profile'.

Prior to unenrollment, the MDM administrator should issue a factory reset to ensure all data is wiped by doing the following in the MDM console:
Wipe data.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_HW_Android_9-x_Y24M01_STIG.zip

Item Details

Category: CONFIGURATION MANAGEMENT, MEDIA PROTECTION

References: 800-53|CM-6(1), 800-53|CM-6b., 800-53|MP-6(3), CAT|II, CCI|CCI-000366, CCI|CCI-000370, CCI|CCI-001033, Rule-ID|SV-235053r626530_rule, STIG-ID|HONW-09-007150, Vuln-ID|V-235053

Plugin: MDM

Control ID: 53a5e7e3b11f255c47a151c4cd2e274d849d9a7367a4bab3295b7ec6c791cf50