STIGQter: STIG Summary: Google Android 11 COBO Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 11 Sep 2020:

Google Android 11 must be configured to disable Bluetooth or configured via User Based Enforcement (UBE) to allow Bluetooth for only Headset Profile (HSP), HandsFree Profile (HFP), and Serial Port Profile (SPP).

DISA Rule

SV-228582r510289_rule

Vulnerability Number

V-228582

Group Title

PP-MDF-301110

Rule Version

GOOG-11-001400

Severity

CAT III

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.
• CCI-001761 - The organization defines the functions, ports, protocols, and services within the information system that are to be disabled when deemed unnecessary and/or nonsecure.

Weight

10

Fix Recommendation

Configure the Google Android 11 device to disable Bluetooth or if the AO has approved the use of Bluetooth (for example, for car hands-free use), train the user to connect to only authorized Bluetooth devices using only HSP, HFP, or SPP Bluetooth capable devices (UBE).

To disable Bluetooth use the following procedure:
On the EMM Console:
1. Open "User restrictions on parent" section.
2. Toggle "Disallow Bluetooth" to On.

The user training requirement is satisfied in requirement GOOG-11-008700.

Check Contents

Determine if the AO has approved the use of Bluetooth at the site.

If the AO has not approved the use of Bluetooth, verify Bluetooth has been disabled:

On the EMM console, do the following:
1. Open "User restrictions on parent" section.
2. Verify that "Disallow Bluetooth" is toggled to On.

On the Android 11 device, do the following:
1. Go to Settings >> Connected Devices >> Connection Preferences >> Bluetooth.
2. Ensure that it is set to Off and cannot be toggled to On.

If the AO has approved the use of Bluetooth, on the Google Android 11 device do the following:
1. Go to Settings >> Connected Devices.
2. Verify only approved Bluetooth connected devices using approved profiles are listed.

If the AO has not approved the use of Bluetooth, and Bluetooth use is not disabled via an EMM-managed device policy, this is a finding.

If the AO has approved the use of Bluetooth, and Bluetooth devices using unauthorized Bluetooth profiles are listed on the device under "Connected devices", this is a finding.

Vulnerability Number

V-228582

Documentable

False

Rule Version

GOOG-11-001400

Severity Override Guidance

Determine if the AO has approved the use of Bluetooth at the site.

If the AO has not approved the use of Bluetooth, verify Bluetooth has been disabled:

On the EMM console, do the following:
1. Open "User restrictions on parent" section.
2. Verify that "Disallow Bluetooth" is toggled to On.

On the Android 11 device, do the following:
1. Go to Settings >> Connected Devices >> Connection Preferences >> Bluetooth.
2. Ensure that it is set to Off and cannot be toggled to On.

If the AO has approved the use of Bluetooth, on the Google Android 11 device do the following:
1. Go to Settings >> Connected Devices.
2. Verify only approved Bluetooth connected devices using approved profiles are listed.

If the AO has not approved the use of Bluetooth, and Bluetooth use is not disabled via an EMM-managed device policy, this is a finding.

If the AO has approved the use of Bluetooth, and Bluetooth devices using unauthorized Bluetooth profiles are listed on the device under "Connected devices", this is a finding.

Check Content Reference

M

Target Key

4228

Comments