STIGQter: STIG Summary: Google Android 9.x Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 23 Aug 2019

The Google Android Pie must be configured to disable exceptions to the access control policy that prevents application processes from accessing all data stored by other application processes.

DISA Rule

SV-106441r1_rule

Vulnerability Number

V-97337

Group Title

PP-MDF-301260

Rule Version

GOOG-09-004500

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure the Google Android Pie to enable the access control policy that prevents [selection: application processes, groups of application processes] from accessing [selection: all, private] data stored by other [selection: application processes, groups of application processes].

NOTE: All application data is inherently sandboxed and isolated from other applications. To disable cross-profile copy/paste and data sharing into the work profile on the MDM console:

1. Open restrictions settings.
2. Open user restrictions.
3. Select "Disallow cross profile copy/paste".
4. Select "Disallow sharing data into the profile".

Check Contents

Review documentation on the Google Android device and inspect the configuration on the Google Android device to verify the access control policy that prevents [selection: application processes] from accessing [selection: all] data stored by other [selection: application processes] is enabled.

This validation procedure is performed only on the MDM Administration Console.

On the MDM console, do the following:

1. Open restrictions settings.
2. Open user restrictions.
3. Ensure "Disallow cross profile copy/paste" is selected.
4. Ensure "Disallow sharing data into the profile" is selected.

If the MDM console device policy is not set to disable data sharing between profiles, this is a finding.
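The two console settings named in the fix and check procedures above correspond to two Android user restrictions that an MDM's device policy controller (DPC) applies to the work profile. The following is an added example, not code from the STIG, from DISA, or from any MDM vendor: a profile-owner DPC class that applies both restrictions (the fix) and reports which of them are not in effect (the check). It assumes the app is already profile owner of the work profile, that DpcAdminReceiver is its DeviceAdminReceiver subclass (a hypothetical name), and that the check runs inside the work profile user, since UserManager.hasUserRestriction reports the effective restrictions of the calling user.

```java
import android.app.admin.DevicePolicyManager;
import android.content.ComponentName;
import android.content.Context;
import android.os.UserManager;

import java.util.ArrayList;
import java.util.List;

/**
 * Added example (not part of the STIG or any MDM product): applies and verifies
 * the user restrictions behind "Disallow cross profile copy/paste" and
 * "Disallow sharing data into the profile". Assumes this app is profile owner
 * of the work profile and DpcAdminReceiver (hypothetical) is its admin receiver.
 */
public final class CrossProfileDataPolicy {

    // Console: "Disallow cross profile copy/paste"  -> no_cross_profile_copy_paste
    // Console: "Disallow sharing data into the profile" -> no_sharing_into_profile (API 28, Android 9)
    private static final String[] REQUIRED_RESTRICTIONS = {
        UserManager.DISALLOW_CROSS_PROFILE_COPY_PASTE,
        UserManager.DISALLOW_SHARE_INTO_MANAGED_PROFILE,
    };

    private final DevicePolicyManager dpm;
    private final UserManager userManager;
    private final ComponentName admin;

    public CrossProfileDataPolicy(Context context) {
        this.dpm = (DevicePolicyManager) context.getSystemService(Context.DEVICE_POLICY_SERVICE);
        this.userManager = (UserManager) context.getSystemService(Context.USER_SERVICE);
        // Assumed: DpcAdminReceiver is this DPC's DeviceAdminReceiver subclass.
        this.admin = new ComponentName(context, DpcAdminReceiver.class);
    }

    /**
     * Fix: set both restrictions on the work profile. addUserRestriction throws
     * SecurityException if the caller is not profile owner or device owner, so a
     * misconfigured DPC fails loudly instead of silently leaving the gap open.
     */
    public void apply() {
        for (String restriction : REQUIRED_RESTRICTIONS) {
            dpm.addUserRestriction(admin, restriction);
        }
    }

    /**
     * Check: return the restrictions that are NOT in effect for the calling user.
     * hasUserRestriction reflects the effective state regardless of which admin
     * set it, which is what the STIG check cares about. An empty list means the
     * profile matches the MDM console state the check procedure asks for.
     */
    public List<String> missingRestrictions() {
        List<String> missing = new ArrayList<>();
        for (String restriction : REQUIRED_RESTRICTIONS) {
            if (!userManager.hasUserRestriction(restriction)) {
                missing.add(restriction);
            }
        }
        return missing;
    }

    /** Convenience for a compliance report: true only when nothing is missing. */
    public boolean isCompliant() {
        return missingRestrictions().isEmpty();
    }
}
```

The STIG's validation is performed on the MDM console, so this class is a supplementary check, not a replacement for the console review. For an on-device spot check without writing code, `adb shell dumpsys device_policy` on a debug-enabled device lists the restrictions each enabled admin has set on each user, so the two values above should appear under the work profile's profile owner entry once the console policy has been pushed.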

Documentable

False

Severity Override Guidance

Check Content Reference

M

Target Key

3499

Comments