STIGQter: STIG Summary: Google Android 10.x Security Technical Implementation Guide, Version: 1, Release: 2, Benchmark Date: 24 Jan 2020

Google Android 10 must be configured to disable exceptions to the access control policy that prevents application processes from accessing all data stored by other application processes.

DISA Rule

SV-108057r1_rule

Vulnerability Number

V-98953

Group Title

PP-MDF-301260

Rule Version

GOOG-10-004500

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure Google Android 10 to enable the access control policy that prevents [selection: application processes, groups of application processes] from accessing [selection: all, private] data stored by other [selection: application processes, groups of application processes].

NOTE: All application data is inherently sandboxed and isolated from other applications. In order to disable copy/paste on the MDM Console:

1. Open User restrictions.
2. Select "Disallow cross profile copy/paste".
3. Select "Disallow sharing data into the profile".

Check Contents

Review documentation on the Google Android device and inspect the configuration on the Google Android device to verify the access control policy that prevents [selection: application processes] from accessing [selection: all] data stored by other [selection: application processes] is enabled.

This validation procedure is performed only on the MDM Administration Console.

On the MDM console, do the following:

1. Open User restrictions.
2. Select "Disallow cross profile copy/paste".
3. Select "Disallow sharing data into the profile".

If the MDM console device policy is not set to disable data sharing between profiles, this is a finding.

Vulnerability Number

V-98953

Documentable

False

Rule Version

GOOG-10-004500

Severity Override Guidance

Review documentation on the Google Android device and inspect the configuration on the Google Android device to verify the access control policy that prevents [selection: application processes] from accessing [selection: all] data stored by other [selection: application processes] is enabled.

This validation procedure is performed only on the MDM Administration Console.

On the MDM console, do the following:

1. Open User restrictions.
2. Select "Disallow cross profile copy/paste".
3. Select "Disallow sharing data into the profile".

If the MDM console device policy is not set to disable data sharing between profiles, this is a finding.

Check Content Reference

M

Target Key

3581
