STIGQter: STIG Summary: Google Android 9.x Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 23 Aug 2019:

The Google Android Pie must be configured to not allow backup of [all applications, configuration data] to locally connected systems.

DISA Rule

SV-106437r1_rule

Vulnerability Number

V-97333

Group Title

PP-MDF-301220

Rule Version

GOOG-09-003700

Severity

CAT II

CCI(s)

• CCI-000097 - The organization restricts or prohibits the use of organization-controlled portable storage devices by authorized individuals on external information systems.

Weight

10

Fix Recommendation

Configure the Google Android device to disable backup to locally connected systems.

NOTE: On Restrictions, the backup features for Google are not in the framework.

On the MDM console:

1. Open Device Restrictions.
2. Open Restrictions Settings.
3. Select "Disallow usb file transfer".

Check Contents

Review Google Android device configuration settings to determine if the capability to back up to a locally connected system has been disabled.

This validation procedure is performed on both the MDM Administration Console and the Android Pie device.

On the MDM console, do the following:

1. Open Device Restrictions.
2. Open Restrictions Settings.
3. Ensure "Disallow usb file transfer" is selected.

On the Android Pie device, do the following:

1. Plug in USB cable into Android Pie device and connect to a non-DoD network-managed PC.
2. Go to Settings >> Connected devices >> USB
3. Ensure No data transfer is selected.

If the MDM console device policy is not set to disable the capability to back up to a locally connected system or on the Android Pie device, the device policy is not set to disable the capability to back up to a locally connected system, this is a finding.

Vulnerability Number

V-97333

Documentable

False

Rule Version

GOOG-09-003700

Severity Override Guidance

Review Google Android device configuration settings to determine if the capability to back up to a locally connected system has been disabled.

This validation procedure is performed on both the MDM Administration Console and the Android Pie device.

On the MDM console, do the following:

1. Open Device Restrictions.
2. Open Restrictions Settings.
3. Ensure "Disallow usb file transfer" is selected.

On the Android Pie device, do the following:

1. Plug in USB cable into Android Pie device and connect to a non-DoD network-managed PC.
2. Go to Settings >> Connected devices >> USB
3. Ensure No data transfer is selected.

If the MDM console device policy is not set to disable the capability to back up to a locally connected system or on the Android Pie device, the device policy is not set to disable the capability to back up to a locally connected system, this is a finding.

Check Content Reference

M

Target Key

3499

Comments