STIGQter: STIG Summary: Google Android 10.x Security Technical Implementation Guide Version: 1 Release: 2 Benchmark Date: 24 Jan 2020:

Google Android 10 must have the DoD root and intermediate PKI certificates installed.

DISA Rule

SV-108069r1_rule

Vulnerability Number

V-98965

Group Title

PP-MDF-991000

Rule Version

GOOG-10-009000

Severity

CAT II

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

Configure Google Android 10 to install DoD root and intermediate certificates.

On the MDM console upload DoD root and intermediate certificates as part of a device and/or work profile.

The current DoD root and intermediate PKI certificates may be obtained in self-extracting zip files at http://cyber.mil/pki-pke (for NIPRNet).

Check Contents

Review device configuration settings to confirm that the DoD root and intermediate PKI certificates are installed.

This procedure is performed on both the MDM Administration console and the Google Android 10 device.

The current DoD root and intermediate PKI certificates may be obtained in self-extracting zip files at http://cyber.mil/pki-pke (for NIPRNet).

On the MDM console verify that the DoD root and intermediate certificates are part of a device and/or work profile that is being pushed down to the devices.

On the Google Android 10 device, do the following:
1. Open Settings.
2. Tap "Security".
3. Tap "Advanced".
4. Tap "Encryption & credentials".
5. Tap "Trusted credentials".
6. Verify that DoD root and intermediate PKI certificates are listed under the User tab in the Work section.

If on the MDM console the DoD root and intermediate certificates are not listed in a profile, or the Google Android 10 device does not list the DoD root and intermediate certificates under the user tab, this is a finding.

Vulnerability Number

V-98965

Documentable

False

Rule Version

GOOG-10-009000

Severity Override Guidance

Review device configuration settings to confirm that the DoD root and intermediate PKI certificates are installed.

This procedure is performed on both the MDM Administration console and the Google Android 10 device.

The current DoD root and intermediate PKI certificates may be obtained in self-extracting zip files at http://cyber.mil/pki-pke (for NIPRNet).

On the MDM console verify that the DoD root and intermediate certificates are part of a device and/or work profile that is being pushed down to the devices.

On the Google Android 10 device, do the following:
1. Open Settings.
2. Tap "Security".
3. Tap "Advanced".
4. Tap "Encryption & credentials".
5. Tap "Trusted credentials".
6. Verify that DoD root and intermediate PKI certificates are listed under the User tab in the Work section.

If on the MDM console the DoD root and intermediate certificates are not listed in a profile, or the Google Android 10 device does not list the DoD root and intermediate certificates under the user tab, this is a finding.

Check Content Reference

M

Target Key

3581

Comments