STIGQter STIGQter: STIG Summary: Motorola Android 9.x COBO Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 14 Oct 2020:

Motorola Android Pie must allow only the Administrator (MDM) to install/remove DoD root and intermediate PKI certificates.

DISA Rule

SV-230133r569707_rule

Vulnerability Number

V-230133

Group Title

GOOG-09-009100

Rule Version

MOTO-09-009100

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure Motorola Android Pie to prevent a user from removing DoD root and intermediate PKI certificates.

On the MDM console:
1. Open the User restrictions setting.
2. Set "Disallow config credentials" to "On" for the work profile.

Check Contents

Review the device configuration to confirm that the user is unable to remove DoD root and intermediate PKI certificates.

On the MDM console:
1. Open the User restrictions setting.
2. Verify that "Disallow config credentials" is set to "On" for the work profile.

On the Android Pie device:
1. Open Settings.
2. Tap "Security & Location".
3. Tap on "Advanced".
4. Tap on "Encryption & credentials".
5. Tap on "Trusted credentials".
6. Verify that the user is unable to untrust or remove any work certificates.

If on the Motorola Android Pie device the user is able to remove certificates, this is a finding.

Vulnerability Number

V-230133

Documentable

False

Rule Version

MOTO-09-009100

Severity Override Guidance

Review the device configuration to confirm that the user is unable to remove DoD root and intermediate PKI certificates.

On the MDM console:
1. Open the User restrictions setting.
2. Verify that "Disallow config credentials" is set to "On" for the work profile.

On the Android Pie device:
1. Open Settings.
2. Tap "Security & Location".
3. Tap on "Advanced".
4. Tap on "Encryption & credentials".
5. Tap on "Trusted credentials".
6. Verify that the user is unable to untrust or remove any work certificates.

If on the Motorola Android Pie device the user is able to remove certificates, this is a finding.

Check Content Reference

M

Target Key

5234

Comments