STIGQter STIGQter: STIG Summary: Google Android 11 COPE Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 11 Sept 2020:

Google Android 11 must have the DoD root and intermediate PKI certificates installed.

DISA Rule

SV-228628r505883_rule

Vulnerability Number

V-228628

Group Title

PP-MDF-991000

Rule Version

GOOG-11-009000

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure Google Android 11 device to install DoD root and intermediate certificates.

On the EMM console upload DoD root and intermediate certificates as part of a device and/or work profile.

The current DoD root and intermediate PKI certificates may be obtained in self-extracting zip files at http://cyber.mil/pki-pke (for NIPRNet).

Check Contents

Review device configuration settings to confirm that the DoD root and intermediate PKI certificates are installed.

This procedure is performed on both the EMM Administration console and the Google Android 11 device.

The current DoD root and intermediate PKI certificates may be obtained in self-extracting zip files at http://cyber.mil/pki-pke (for NIPRNet).

On the EMM console verify that the DoD root and intermediate certificates are part of a device and/or work profile that is being pushed down to the devices.

On the Google Android 11 device, do the following:
1. Open Settings.
2. Tap "Security".
3. Tap "Advanced".
4. Tap "Encryption & credentials".
5. Tap "Trusted credentials".
6. Verify that DoD root and intermediate PKI certificates are listed under the User tab in the Work section.

If on the EMM console the DoD root and intermediate certificates are not listed in a profile, or the Google Android 11 device does not list the DoD root and intermediate certificates under the user tab, this is a finding.

Vulnerability Number

V-228628

Documentable

False

Rule Version

GOOG-11-009000

Severity Override Guidance

Review device configuration settings to confirm that the DoD root and intermediate PKI certificates are installed.

This procedure is performed on both the EMM Administration console and the Google Android 11 device.

The current DoD root and intermediate PKI certificates may be obtained in self-extracting zip files at http://cyber.mil/pki-pke (for NIPRNet).

On the EMM console verify that the DoD root and intermediate certificates are part of a device and/or work profile that is being pushed down to the devices.

On the Google Android 11 device, do the following:
1. Open Settings.
2. Tap "Security".
3. Tap "Advanced".
4. Tap "Encryption & credentials".
5. Tap "Trusted credentials".
6. Verify that DoD root and intermediate PKI certificates are listed under the User tab in the Work section.

If on the EMM console the DoD root and intermediate certificates are not listed in a profile, or the Google Android 11 device does not list the DoD root and intermediate certificates under the user tab, this is a finding.

Check Content Reference

M

Target Key

4229

Comments