STIGQter: STIG Summary: Google Android 11 COBO Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 11 Sep 2020

Google Android 11 must allow only the administrator (EMM) to install/remove DoD root and intermediate PKI certificates.

DISA Rule

SV-228597r510289_rule

Vulnerability Number

V-228597

Group Title

PP-MDF-992000

Rule Version

GOOG-11-009100

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure the Google Android 11 device to prevent a user from removing DoD root and intermediate PKI certificates.

On the EMM console:
1. Open "Set user restrictions".
2. Toggle "Disallow config credentials" to On.

Check Contents

Review the device configuration to confirm that the user is unable to remove DoD root and intermediate PKI certificates.

On the EMM console:
1. Open "Set user restrictions".
2. Verify that "Disallow config credentials" is toggled to On.

On the Google Android 11 device, do the following:
1. Open Settings.
2. Tap "Security".
3. Tap "Advanced".
4. Tap "Encryption & credentials".
5. Tap "Trusted credentials".
6. Verify that the user is unable to untrust or remove any work certificates.

If on the Google Android 11 device the user is able to remove certificates, this is a finding.

Documentable

False

Severity Override Guidance

Review the device configuration to confirm that the user is unable to remove DoD root and intermediate PKI certificates.

On the EMM console:
1. Open "Set user restrictions".
2. Verify that "Disallow config credentials" is toggled to On.

On the Google Android 11 device, do the following:
1. Open Settings.
2. Tap "Security".
3. Tap "Advanced".
4. Tap "Encryption & credentials".
5. Tap "Trusted credentials".
6. Verify that the user is unable to untrust or remove any work certificates.

If on the Google Android 11 device the user is able to remove certificates, this is a finding.

Check Content Reference

M

Target Key

4228

Comments