STIGQter: STIG Summary: Honeywell Android 9.x COPE Security Technical Implementation Guide, Version: 1, Release: 1, Benchmark Date: 14 Jan 2021

The Honeywell Mobility Edge Android Pie device must be configured to disable exceptions to the access control policy that prevents application processes from accessing all data stored by other application processes.

DISA Rule

SV-235078r626527_rule

Vulnerability Number

V-235078

Group Title

PP-MDF-301260

Rule Version

HONW-09-004500

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure the Honeywell Android Pie to enable the access control policy that prevents [selection: application processes, groups of application processes] from accessing [selection: all, private] data stored by other [selection: application processes, groups of application processes].

NOTE: All application data is inherently sandboxed and isolated from other applications.

To disable copy/paste on the MDM console:

1. Open Restrictions settings.
2. Open User restrictions.
3. Select "Disallow cross profile copy/paste".
4. Select "Disallow sharing data into the profile".

Check Contents

Review documentation on the Honeywell Android device and inspect the configuration on the Honeywell Android device to verify the access control policy that prevents [selection: application processes] from accessing [selection: all] data stored by other [selection: application processes] is enabled.

This validation procedure is performed only on the MDM Administration console.

On the MDM console:
1. Open Restrictions settings.
2. Open User restrictions.
3. Ensure "Disallow cross profile copy/paste" is selected.
4. Ensure "Disallow sharing data into the profile" is selected.

If the MDM console device policy is not set to disable data sharing between profiles, this is a finding.

Documentable

False

Severity Override Guidance

Review documentation on the Honeywell Android device and inspect the configuration on the Honeywell Android device to verify the access control policy that prevents [selection: application processes] from accessing [selection: all] data stored by other [selection: application processes] is enabled.

This validation procedure is performed only on the MDM Administration console.

On the MDM console:
1. Open Restrictions settings.
2. Open User restrictions.
3. Ensure "Disallow cross profile copy/paste" is selected.
4. Ensure "Disallow sharing data into the profile" is selected.

If the MDM console device policy is not set to disable data sharing between profiles, this is a finding.

Check Content Reference

M

Target Key

5276
