STIGQter STIGQter: STIG Summary: Honeywell Android 9.x COPE Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 14 Jan 2021:

The Honeywell Mobility Edge Android Pie device Work Profile must be configured to prevent users from adding personal email accounts to the work email app.

DISA Rule

SV-235085r626527_rule

Vulnerability Number

V-235085

Group Title

PP-MDF-991000

Rule Version

HONW-09-009200

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure Honeywell Mobility Edge Android Pie devices Work Profile to prevent users from adding personal email accounts to the work email app.

On the MDM console, for the Work Profile:
1. Open the User restrictions setting.
2. Set "Disallow modify accounts" to "On".

Refer to the MDM documentation to determine how to provision users' work email accounts for the work email app.

Check Contents

Review the Honeywell Mobility Edge Android Pie devices Work Profile configuration settings to confirm that users are prevented from adding personal email accounts to the work email app.

This procedure is performed on both the MDM Administrator console and the Honeywell Mobility Edge Android Pie devices device.

On the MDM console:
1. Open the User restrictions setting.
2. Verify that "Disallow add accounts" is set to "On".

On the Honeywell Android Pie device, do the following:
1. Open Settings.
2. Tap "Accounts".
3. Verify that "Add account" is grayed out under the Work section.

If on the MDM console the restriction to "Disallow add accounts" is not set or on the Honeywell Mobility Edge Android Pie device the user is able to add an account, this is a finding.

Vulnerability Number

V-235085

Documentable

False

Rule Version

HONW-09-009200

Severity Override Guidance

Review the Honeywell Mobility Edge Android Pie devices Work Profile configuration settings to confirm that users are prevented from adding personal email accounts to the work email app.

This procedure is performed on both the MDM Administrator console and the Honeywell Mobility Edge Android Pie devices device.

On the MDM console:
1. Open the User restrictions setting.
2. Verify that "Disallow add accounts" is set to "On".

On the Honeywell Android Pie device, do the following:
1. Open Settings.
2. Tap "Accounts".
3. Verify that "Add account" is grayed out under the Work section.

If on the MDM console the restriction to "Disallow add accounts" is not set or on the Honeywell Mobility Edge Android Pie device the user is able to add an account, this is a finding.

Check Content Reference

M

Target Key

5276

Comments