STIGQter: STIG Summary: Motorola Android 9.x COPE Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 14 Oct 2020:

The Motorola Android Pie must be configured to not allow backup of [all applications, configuration data] to locally connected systems.

DISA Rule

SV-230091r569708_rule

Vulnerability Number

V-230091

Group Title

GOOG-09-003700

Rule Version

MOTO-09-003700

Severity

CAT II

CCI(s)

• CCI-000097 - The organization restricts or prohibits the use of organization-controlled portable storage devices by authorized individuals on external information systems.

Weight

10

Fix Recommendation

Configure the Motorola Android device to disable backup to locally connected systems.

NOTE: On Restrictions, the backup features for Motorola are not in the framework.

On the MDM console:
1. Open Device Restrictions.
2. Open Restrictions Settings.
3. Select "Disallow usb file transfer".

Check Contents

Review Motorola Android device configuration settings to determine if the capability to back up to a locally connected system has been disabled.

This validation procedure is performed on both the MDM Administration Console and the Android Pie device.

On the MDM console:
1. Open Device Restrictions.
2. Open Restrictions Settings.
3. Verify "Disallow usb file transfer" is selected.

On the Android Pie device:
1. Plug USB cable into Android Pie device and connect to a non-DoD network-managed PC.
2. Go to Settings >> Connected devices >> USB.
3. Verify "No data transfer" is selected.

If the MDM console device policy is not set to disable the capability to back up to a locally connected system, or on the Android Pie device, the device policy is not set to disable the capability to back up to a locally connected system, this is a finding.

Vulnerability Number

V-230091

Documentable

False

Rule Version

MOTO-09-003700

Severity Override Guidance

Review Motorola Android device configuration settings to determine if the capability to back up to a locally connected system has been disabled.

This validation procedure is performed on both the MDM Administration Console and the Android Pie device.

On the MDM console:
1. Open Device Restrictions.
2. Open Restrictions Settings.
3. Verify "Disallow usb file transfer" is selected.

On the Android Pie device:
1. Plug USB cable into Android Pie device and connect to a non-DoD network-managed PC.
2. Go to Settings >> Connected devices >> USB.
3. Verify "No data transfer" is selected.

If the MDM console device policy is not set to disable the capability to back up to a locally connected system, or on the Android Pie device, the device policy is not set to disable the capability to back up to a locally connected system, this is a finding.

Check Content Reference

M

Target Key

4230

Comments