STIGQter: STIG Summary: Google Android 10.x Security Technical Implementation Guide Version: 1 Release: 2 Benchmark Date: 24 Jan 2020

Google Android 10 must be configured to not allow backup of [all applications, configuration data] to locally connected systems.

DISA Rule

SV-108053r1_rule

Vulnerability Number

V-98949

Group Title

PP-MDF-301220

Rule Version

GOOG-10-003700

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure the Google Android device to disable backup to locally connected systems.

NOTE: On Restrictions, the backup features for Google are not in the framework.

On the MDM console:

1. Open User restrictions.
2. Select "Disallow usb file transfer".

Check Contents

Review Google Android device configuration settings to determine if the capability to back up to a locally connected system has been disabled.

This validation procedure is performed on both the MDM Administration Console and the Android 10 device.

On the MDM console, do the following:

1. Open User restrictions.
2. Select "Disallow usb file transfer".

On the Android 10 device, do the following:

1. Plug a USB cable into the Android 10 device and connect it to a non-DoD network-managed PC.
2. Go to Settings >> Connected devices >> USB.
3. Ensure “No data transfer” is selected.

If the MDM console device policy is not set to disable the capability to back up to a locally connected system, or if on the Android 10 device the device policy is not set to disable the capability to back up to a locally connected system, this is a finding.

Documentable

False

Severity Override Guidance

Check Content Reference

M

Target Key

3581

Comments