MSFT-11-003700 - Microsoft Android 11 must be configured to not allow backup of [all applications, configuration data] to locally connected systems.

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version

Information

Data on mobile devices is protected by numerous mechanisms, including user authentication, access control, and cryptography. When the data is backed up to an external system (either locally connected or cloud-based), many if not all of these mechanisms are no longer present. This leaves the backed-up data vulnerable to attack. Disabling backup to external systems mitigates this risk.

SFR ID: FMT_SMF_EXT.1.1 #40

Solution

Configure the Microsoft Android 11 device to disable backup to locally connected systems.

Note: On Restrictions, the backup features for Android are not in the framework.

On the EMM console:
1. Open 'Device owner management' section.
2. Toggle 'Enable backup service' to 'Off'.
3. Open 'User restrictions on parent'.
4. Select 'Disallow usb file transfer'.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_MS_Android_11_STIG.zip

Item Details

References: CAT|II, CCI|CCI-001090, Rule-ID|SV-255216r870829_rule, STIG-ID|MSFT-11-003700, Vuln-ID|V-255216

Plugin: MDM

Control ID: 13bfb6fb2a1db3fff47d4f7b4f174a434c5f2f51e20d43da5281128788ea26e9