STIGQter STIGQter: STIG Summary: Google Android 11 COPE Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 11 Sept 2020:

Google Android 11 must allow only the administrator (EMM) to install/remove DoD root and intermediate PKI certificates.

DISA Rule

SV-228629r505886_rule

Vulnerability Number

V-228629

Group Title

PP-MDF-992000

Rule Version

GOOG-11-009100

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure Google Android 11 device to prevent a user from removing DoD root and intermediate PKI certificates.

On the EMM console:
1. Open "Set user restrictions".
2. Toggle "Disallow config credentials" to On.

Check Contents

Review the device configuration to confirm that the user is unable to remove DoD root and intermediate PKI certificates.

On the EMM console:
1. Open "Set user restrictions".
2. Verify that "Disallow config credentials" is toggled to On.

On the Google Android 11 device, do the following:
1. Open Settings.
2. Tap "Security".
3. Tap "Advanced".
4. Tap "Encryption & credentials".
5. Tap "Trusted credentials".
6. Verify that the user is unable to untrust or remove any work certificates.

If on the Google Android 11 device the user is able to remove certificates, this is a finding.

Vulnerability Number

V-228629

Documentable

False

Rule Version

GOOG-11-009100

Severity Override Guidance

Review the device configuration to confirm that the user is unable to remove DoD root and intermediate PKI certificates.

On the EMM console:
1. Open "Set user restrictions".
2. Verify that "Disallow config credentials" is toggled to On.

On the Google Android 11 device, do the following:
1. Open Settings.
2. Tap "Security".
3. Tap "Advanced".
4. Tap "Encryption & credentials".
5. Tap "Trusted credentials".
6. Verify that the user is unable to untrust or remove any work certificates.

If on the Google Android 11 device the user is able to remove certificates, this is a finding.

Check Content Reference

M

Target Key

4229

Comments