STIGQter: STIG Summary: Google Android 11 COPE Security Technical Implementation Guide, Version: 1, Release: 1, Benchmark Date: 11 Sept 2020

Google Android 11 must be configured to disable exceptions to the access control policy that prevents application processes from accessing all data stored by other application processes.

DISA Rule

SV-228621r505862_rule

Vulnerability Number

V-228621

Group Title

PP-MDF-301260

Rule Version

GOOG-11-004500

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure the Google Android 11 device to enable the access control policy that prevents [selection: application processes, groups of application processes] from accessing [selection: all, private] data stored by other [selection: application processes, groups of application processes].

NOTE: All application data is inherently sandboxed and isolated from other applications.

To disable copy/paste on the EMM console:
1. Open "Set user restrictions".
2. Toggle "Disallow cross profile copy/paste" to On.
3. Toggle "Disallow sharing data into the profile" to On.

Check Contents

Review documentation on the Google Android device and inspect the configuration on the Google Android device to verify the access control policy that prevents [selection: application processes] from accessing [selection: all] data stored by other [selection: application processes] is enabled.

This validation procedure is performed only on the EMM Administration Console.

On the EMM console, do the following:
1. Open "Set user restrictions".
2. Verify that "Disallow cross profile copy/paste" is toggled to On.
3. Verify that "Disallow sharing data into the profile" is toggled to On.

If the EMM console device policy is not set to disable data sharing between profiles, this is a finding.

Documentable

False

Check Content Reference

M

Target Key

4229

Comments