STIGQter: STIG Summary: Motorola Android 9.x COPE Security Technical Implementation Guide, Version: 1, Release: 1, Benchmark Date: 14 Oct 2020

The Motorola Android Pie must be configured to disable exceptions to the access control policy that prevents application processes from accessing all data stored by other application processes.

DISA Rule

SV-230093r569708_rule

Vulnerability Number

V-230093

Group Title

GOOG-09-004500

Rule Version

MOTO-09-004500

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure the Motorola Android Pie to enable the access control policy that prevents [selection: application processes, groups of application processes] from accessing [selection: all, private] data stored by other [selection: application processes, groups of application processes].

NOTE: All application data is inherently sandboxed and isolated from other applications.

To disable copy/paste on the MDM console:
1. Open Restrictions settings.
2. Open User Restrictions.
3. Select "Disallow cross profile copy/paste".
4. Select "Disallow sharing data into the profile".

Check Contents

Review documentation on the Motorola Android device and inspect the configuration on the Motorola Android device to verify the access control policy that prevents [selection: application processes] from accessing [selection: all] data stored by other [selection: application processes] is enabled.

This validation procedure is performed only on the MDM Administration Console.

On the MDM console:
1. Open Restrictions settings.
2. Open User Restrictions.
3. Verify "Disallow cross profile copy/paste" is selected.
4. Verify "Disallow sharing data into the profile" is selected.

If the MDM console device policy is not set to disable data sharing between profiles, this is a finding.

Documentable

False

Check Content Reference

M

Target Key

4230
