STIGQter: STIG Summary: Google Android 9.x Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 23 Aug 2019:

Google Android Pie must have the DoD root and intermediate PKI certificates installed.

DISA Rule

SV-106453r1_rule

Vulnerability Number

V-97349

Group Title

PP-MDF-991000

Rule Version

GOOG-09-009000

Severity

CAT II

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

Configure Google Android Pie to install DoD root and intermediate certificates.

On the MDM console upload DoD root and intermediate certificates as part of a device and/or work profile

The current DoD root and intermediate PKI certificates may be obtained in self-extracting zip files at http://cyber.mil/pki-pke (for NIPRNet).

Check Contents

Review device configuration settings to confirm that the DoD root and intermediate PKI certificates are installed.

This procedure is performed on both the MDM Administration console and the Google Android Pie device.

The current DoD root and intermediate PKI certificates may be obtained in self-extracting zip files at http://cyber.mil/pki-pke (for NIPRNet).

On the MDM console verify that the DoD root and intermediate certificates are part of a device and/or work profile that is being pushed down to the devices.

On the Google Android Pie device, do the following:
1. Open Settings.
2. Tap "Security & Location".
3. Tap on "Advanced".
4. Tap on "Encryption & credentials".
5. Tap on "Trusted credentials".
6. Verify that DoD root and intermediate PKI certificates are listed under the user tab.

If on the MDM console the DoD root and intermediate certificates are not listed in a profile, or on the Google Android Pie device does not list the DoD root and intermediate certificates under the user tab, this is a finding.

Vulnerability Number

V-97349

Documentable

False

Rule Version

GOOG-09-009000

Severity Override Guidance

Review device configuration settings to confirm that the DoD root and intermediate PKI certificates are installed.

This procedure is performed on both the MDM Administration console and the Google Android Pie device.

The current DoD root and intermediate PKI certificates may be obtained in self-extracting zip files at http://cyber.mil/pki-pke (for NIPRNet).

On the MDM console verify that the DoD root and intermediate certificates are part of a device and/or work profile that is being pushed down to the devices.

On the Google Android Pie device, do the following:
1. Open Settings.
2. Tap "Security & Location".
3. Tap on "Advanced".
4. Tap on "Encryption & credentials".
5. Tap on "Trusted credentials".
6. Verify that DoD root and intermediate PKI certificates are listed under the user tab.

If on the MDM console the DoD root and intermediate certificates are not listed in a profile, or on the Google Android Pie device does not list the DoD root and intermediate certificates under the user tab, this is a finding.

Check Content Reference

M

Target Key

3499

Comments