Android 2.2 (Dell) Security Technical Implementation Guide

U_Android_2-2_Dell_V1R2_Manual-xccdf.xml

This STIG contains technical security controls required for the use of the Android 2.2 (Dell version) mobile operating system in the DoD environment when managed by the Good Mobility Suite.
Details

Version / Release: V1R2

Published: 2014-08-26

Updated At: 2018-09-23 01:26:20

Vuln Rule Version CCI Severity Title Description
SV-38990r1_rule WIR-MOS-AND-034-01 MEDIUM The VPN client on wireless clients (PDAs, smartphones) used for remote access to DoD networks will be FIPS 140-2 validated. This check is not applicable if the installed VPN client is not used for remote access to DoD networks. DoD data could be compromised if transmitted data is not secured with a compliant VPN. FIPS validation provides a level of assurance that the encryption of the device has been securely implemented. IA Controls: ECWN-1
SV-35045r1_rule WIR-MOS-AND-033-01 MEDIUM Removable memory cards (e.g., MicroSD) must have data stored on the card encrypted with a FIPS 140-2 validated cryptographic module. Memory card used to transfer files between PCs and PDAs is a migration path for the spread of malware on DoD computers and handheld devices. These risks are mitigated by the requirements listed in this check. Responsibility: System Administrator, Information Assurance Officer. IA Controls: ECWN-1
SV-35005r1_rule WIR-MOS-AND-034-02 MEDIUM All wireless PDA clients used for remote access to DoD networks must enable AES encryption for the VPN. DoD data could be compromised if transmitted data is not secured with a compliant VPN. Responsibility: System Administrator, Information Assurance Officer. IA Controls: ECWN-1
SV-35006r1_rule WIR-MOS-AND-034-03 MEDIUM All wireless PDA clients used for remote access to DoD networks must have a VPN supporting CAC authentication. DoD data could be compromised if transmitted data is not secured with a compliant VPN. Responsibility: System Administrator, Information Assurance Officer. IA Controls: ECWN-1
SV-35007r1_rule WIR-MOS-AND-034-04 MEDIUM All wireless PDA and smartphone client VPNs must have split tunneling disabled. DoD data could be compromised if transmitted data is not secured with a compliant VPN. Responsibility: System Administrator, Information Assurance Officer. IA Controls: ECWN-1
SV-35011r1_rule WIR-MOS-AND-001 MEDIUM Smartphone devices must have required operating system software versions installed. Required security features are not available in earlier OS versions. In addition, there are known vulnerabilities in earlier versions. Responsibility: System Administrator. IA Controls: ECSC-1, ECWN-1
SV-35012r1_rule WIR-MOS-AND-002 LOW Smart Card Readers (SCRs) used with smartphone must have required software version installed. Required security features are not available in earlier software versions. In addition, there may be known vulnerabilities in earlier versions. Responsibility: System Administrator. IA Controls: ECSC-1
SV-35013r1_rule WIR-MOS-AND-003 MEDIUM S/MIME must be installed on smartphones so users can sign/encrypt email. S/MIME provides the capability for users to send and receive S/MIME email messages from wireless email devices. S/MIME and digital signatures provide assurance the message is authentic and is required by DoD policy. Without S/MIME users will not be able to read encrypted email and will not be able to encrypt email with sensitive information. Responsibility: System Administrator. IA Controls: ECSC-1
SV-35014r1_rule WIR-MOS-AND-004 LOW If smartphone email auto signatures are used, the signature message must not disclose the email originated from a smartphone (e.g., “Sent From My Wireless Handheld”). The disclaimer message may give information which may key an attacker in on the device. Responsibility: System Administrator, Information Assurance Officer. IA Controls: ECSC-1
SV-38760r1_rule WIR-MOS-AND-005 LOW All Internet browsing on a DoD mobile operating system (OS) device will go through a DoD Internet proxy. A DoD Internet proxy provides additional security over the carrier's browser. When using the DoD Internet proxy for mobile device Internet connections, enclave Internet security controls will filter and monitor mobile device Internet connections. Responsibility: System Administrator, Information Assurance Officer. IA Controls: ECSC-1
SV-35015r1_rule WIR-MOS-AND-006-01 HIGH All non-core applications on the mobile OS device must be approved by the DAA or Command IT Configuration Control Board. Non-approved applications can contain malware. Approved applications should be reviewed and tested by the approving authority to ensure they do not contain malware, spyware, or have unexpected features (e.g., send private information to a web site, track user actions, connect to a non-DoD management server). Responsibility: Information Assurance Officer, Designated Approving Authority, Information Assurance Manager. IA Controls: DCCB-1, ECWN-1
SV-34965r1_rule WIR-MOS-AND-030-01 MEDIUM A compliance rule must be set up in the server defining required mobile OS software versions. Unapproved OS versions do not support required security features. The security baseline of the Android system could be compromised if required security features are not available. Responsibility: System Administrator. IA Controls: ECWN-1
SV-35018r1_rule WIR-MOS-AND-G-010 HIGH Smartphones must be configured to require a password/passcode for device unlock. Sensitive DoD data could be compromised if a device unlock password/passcode is not set up on a DoD smartphone. Responsibility: System Administrator. IA Controls: ECWN-1, IAIA-1
SV-35021r1_rule WIR-MOS-AND-G-013 LOW Maximum password/passcode age must be set. Sensitive DoD data could be compromised if a strong device unlock passcode is not set up on a DoD smartphone and the passcode is not changed periodically. Responsibility: System Administrator. IA Controls: ECWN-1, IAIA-1
SV-35023r1_rule WIR-MOS-AND-G-016 MEDIUM The smartphone inactivity timeout must be set. Sensitive DoD data could be compromised if the smartphone does not automatically lock after 15 minutes of inactivity. Responsibility: System Administrator. IA Controls: PESL-1
SV-35024r1_rule WIR-MOS-AND-G-017 MEDIUM Password/passcode maximum failed attempts must be set to required value. A hacker with unlimited attempts can determine the password of a smartphone within a few minutes using password hacking tools, which could lead to unauthorized access to the smartphone and exposure to sensitive DoD data. Responsibility: System Administrator. IA Controls: IAIA-1
SV-35030r1_rule WIR-MOS-AND-G-019 MEDIUM Access to public application stores must be disabled. Strong configuration management of all applications installed on DoD device is required to ensure the security baseline of the system is maintained. Otherwise, sensitive DoD data could be compromised. Responsibility: System Administrator, Information Assurance Officer. IA Controls: ECSC-1, ECWN-1
SV-35034r1_rule WIR-MOS-AND-G-020 MEDIUM Users must not be allowed to download applications on smartphones without SA control. Strong configuration management of all applications installed on DoD device is required to ensure the security baseline of the system is maintained. Otherwise, sensitive DoD data could be compromised. Responsibility: System Administrator, Information Assurance Officer. IA Controls: ECLP-1, ECWN-1
SV-35035r1_rule WIR-MOS-AND-G-021 LOW Use of the smartphone camera must be approved and documented in site physical security policy. This is an operational security issue. Sensitive DoD data could be compromised if cameras are allowed in areas not authorized by the site physical security plan. Responsibility: System Administrator, Information Assurance Officer, Designated Approving Authority, Information Assurance Manager. IA Controls: ECWN-1
SV-35037r1_rule WIR-MOS-AND-G-011 MEDIUM Device minimum password/passcode length must be set. Sensitive DoD data could be compromised if a device unlock password/passcode is not set to required length on a DoD smartphone. Responsibility: System Administrator. IA Controls: ECWN-1, IAIA-1
SV-35040r1_rule WIR-MOS-AND-G-014 MEDIUM The smartphone Auto-Lock must be set. Sensitive DoD data could be compromised if the smartphone does not automatically lock after a set period of inactivity. Responsibility: System Administrator. IA Controls: PESL-1
SV-35041r1_rule WIR-MOS-AND-G-015 LOW The smartphone passcode history setting must be set. The password/passcode would be more susceptible to compromise if the user can select frequently used passwords/passcodes. Responsibility: System Administrator. IA Controls: IAIA-1
SV-34994r1_rule WIR-MOS-AND-040-01 MEDIUM The smartphone Bluetooth radio must be disabled if not authorized for use. The Bluetooth radio can be used by a hacker to connect to the smartphone without the knowledge of the user. Sensitive DoD data could be exposed and the hacker could use the device to attack the enclave. Responsibility: System Administrator. IA Controls: ECWN-1
SV-34999r1_rule WIR-MOS-AND-041 LOW The smartphone device Wi-Fi radio must be disabled as the default setting and is enabled only when Wi-Fi connectivity is required. The Wi-Fi radio can be used by a hacker to connect to the smartphone without the knowledge of the user. Sensitive DoD data could be exposed and the hacker could use the device to attack the enclave. Responsibility: System Administrator, Information Assurance Officer. IA Controls: ECWN-1
SV-35042r1_rule WIR-MOS-AND-G-007 MEDIUM All smartphones must display the required banner during device unlock/logon. DoD CIO memo requires all PDAs, BlackBerrys, and smartphones to have a consent banner displayed during logon/device unlock to ensure users understand their responsibilities to safeguard DoD data. Responsibility: System Administrator. IA Controls: ECWM-1
SV-35000r1_rule WIR-MOS-AND-042 LOW Location services must be turned off on the smartphone during device provisioning. Smartphone location services allow applications to gather information about the location of the handheld device and possibly forward it to servers located on the Internet. This is an operational security issue for DoD smartphone devices. Responsibility: System Administrator, Information Assurance Officer. IA Controls: ECWN-1
SV-35001r1_rule WIR-MOS-AND-043 MEDIUM The site must set up local operating procedures for initial provisioning and subsequent software and application updates using the procedures published in the STIG Overview document. Strong configuration management of applications on a smartphone is a key malware control. Most smartphones must have individual commercial web portal (e.g., iTunes, Android Market, etc.) accounts and be connected to the commercial App Store to provision the smartphone. A DoD user can jailbreak a smartphone and bypass smartphone application and malware controls. To ensure strong configuration management of the security baseline of the smartphone, all software loading should be done by the SA. Responsibility: System Administrator, Information Assurance Officer. IA Controls: DCPR-1, PESP-1
SV-35002r1_rule WIR-MOS-AND-044 LOW The Personal Hotspot feature of the mobile OS must be disabled if it does not meet DoD WLAN or Bluetooth security requirements and is not approved by the IAO. The Wi-Fi radio and Bluetooth radio can be used by a hacker to connect to the smartphone without the knowledge of the user. Sensitive DoD data could be exposed and the hacker could use the device to attack the enclave. This setting would allow the device Wi-Fi radio to automatically connect to a Wi-Fi network. The Bluetooth and Wi-Fi connections do not support DoD wireless encryption and authentication requirements. Responsibility: System Administrator, Information Assurance Officer. IA Controls: ECWN-1
SV-35082r1_rule WIR-MOS-AND-G-026 MEDIUM Full Device Administration must be implemented on the smartphone. If this configuration is not set as required, the security policy from the server will not be implemented on the smartphone. Sensitive DoD data could be compromised. Responsibility: System Administrator. IA Controls: ECWN-1
SV-35087r1_rule WIR-MOS-AND-G-027 MEDIUM Enable Full Device Lock must be set. Sensitive DoD data could be exposed if this configuration is not set as required. Responsibility: System Administrator. IA Controls: ECWN-1
SV-35090r1_rule WIR-MOS-AND-G-028 LOW Enable remote device password reset must be set. Without this capability a user could be locked out of their smartphone for significant time periods, affecting the mission of the organization. Responsibility: System Administrator. IA Controls: ECWN-1, IAIA-1
SV-35092r1_rule WIR-MOS-AND-G-029-01 MEDIUM Enable remote SD card wipe must be configured. Sensitive DoD data could be compromised if mobile OS device data could not be wiped when directed by the system administrator. Responsibility: System Administrator. IA Controls: ECCR-1, ECWN-1
SV-35095r1_rule WIR-MOS-AND-G-029-02 MEDIUM Allow SD card encryption must be configured. Sensitive DoD data could be compromised if a mobile OS device data is not encrypted. Responsibility: System Administrator. IA Controls: ECCR-1, ECWN-1
SV-35097r1_rule WIR-MOS-AND-G-035 MEDIUM VPN must be configured as required. Sensitive DoD data could be compromised if the Android VPN client is used. The VPN client is not currently FIPS 140-2 validated and does not support CAC authentication. Responsibility: System Administrator. IA Controls: ECWN-1
SV-35227r1_rule WIR-MOS-AND-G-008 MEDIUM Remote full device wipe must be enabled. Sensitive DoD data could be compromised if mobile OS device data could not be wiped when directed by the system administrator. Responsibility: System Administrator. IA Controls: ECCR-1, ECWN-1
SV-36013r1_rule WIR-MOS-AND-033-02 MEDIUM The smartphone removable memory card (e.g., MicroSD) must be bound to the PDA or smartphone so it may not be read by any other PED or computer. Memory cards used to transfer files between PCs and PDAs are a migration path for the spread of malware on DoD computers and handheld devices. These risks are mitigated by the requirements listed in this check. Responsibility: System Administrator. IA Controls: ECWN-1
SV-36019r1_rule WIR-MOS-AND-G-012-02 MEDIUM The smartphone password/passcode complexity (alphanumeric) must be set. Sensitive DoD data could be compromised if a strong device unlock password/passcode is not set up on a DoD smartphone. The complexity of the password is a key factor in the strength of the password. Complex passwords are harder to guess or obtain via a brute force attack. Responsibility: System Administrator. IA Controls: ECWN-1, IAIA-1
SV-38756r1_rule WIR-MOS-AND-040-02 MEDIUM All mobile operating system (OS) device Bluetooth radio profiles must be disabled except for the serial port, handset and headset profiles. The Bluetooth radio can be used by a hacker to connect to the smartphone without the knowledge of the user. Sensitive DoD data could be exposed and the hacker could use the device to attack the enclave. The serial port profile is used by the DoD approved Bluetooth smart card reader and the headset and handset profiles are used by the DoD approved Bluetooth headset. Responsibility: System Administrator. IA Controls: ECWN-1
SV-38758r1_rule WIR-MOS-AND-040-03 MEDIUM The pairing of Bluetooth devices to DoD mobile OS devices must be controlled so only approved devices can pair to the smartphone. The Bluetooth radio can be used by a hacker to connect to the smartphone without the knowledge of the user. Sensitive DoD data could be exposed and the hacker could use the device to attack the enclave. Responsibility: System Administrator. IA Controls: ECWN-1
SV-38765r1_rule WIR-MOS-AND-036 MEDIUM The smartphone USB port must be configured as required. A smartphone can be jailbroken or rooted when connected to a PC with a jailbreak or rooting application installed on it. When a smartphone is jailbroken/rooted, the user or malware has root access and can bypass all device security controls. DoD sensitive data could be compromised. Responsibility: System Administrator, Information Assurance Officer. IA Controls: ECWN-1
SV-39452r1_rule WIR-MOS-AND-006-03 HIGH A security risk analysis must be performed on a mobile operating (OS) system application by the DAA or DAA authorized approval authority prior to the application being approved for use. Non-approved applications can contain malware. Approved applications should be reviewed and tested by the approving authority to ensure they do not contain malware, spyware, or have unexpected features (e.g., send private information to a web site, track user actions, connect to a non-DoD management server). Responsibility: Information Assurance Officer, Designated Approving Authority. IA Controls: DCCB-1, ECWN-1
SV-39515r1_rule WIR-MOS-AND-030-02 MEDIUM A compliance rule must be set up in the server defining required mobile OS software build version. Unapproved OS build versions do not support required security features. The security baseline of the Android system could be compromised if required security features are not available. Responsibility: System Administrator. IA Controls: ECWN-1
SV-39764r1_rule WIR-MOS-AND-006-04 MEDIUM The Bluetooth configuration application must be installed on the Android device. The Bluetooth monitor application ensures the Bluetooth configuration of the Android device is in compliance with the DoD Bluetooth security standard. If not installed, it may be possible for a hacker to spoof the Bluetooth pairing process with the Android device, connect to the Android device via a Bluetooth connection, and steal sensitive DoD information. Responsibility: System Administrator. IA Controls: ECWN-1
SV-39856r1_rule WIR-MOS-AND-045-01 MEDIUM Mobile OS devices (smartphones/tablets) must have a system integrity validation application installed or have validation scanning, using a PC based tool, completed on the required schedule. The purpose of this scan is to determine if there has been an unexplained change in the mobile OS file system that may indicate the device has been compromised by malware or by rooting the device. IA Controls: ECSC-1
SV-39869r1_rule WIR-MOS-AND-045-05 MEDIUM The results and mitigation actions from Mobile OS device integrity validation tool scans on site managed Mobile OS devices must be maintained by the site for at least 6 months (1 year recommended). Scan results must be maintained so that auditors can verify mitigation actions have been completed, so that a scan can be compared to a previous scan, and to determine if there is any security vulnerability trends for site managed mobile OS devices. Responsibility: System Administrator. IA Controls: ECWN-1
SV-39870r1_rule WIR-MOS-AND-045-06 MEDIUM Mitigation actions identified by Mobile OS device integrity tool scans on site managed Mobile OS devices must be implemented. If mitigation actions identified by the Mobile OS device integrity tool are not implemented, DoD data and the enclave could be at risk of being compromised. Responsibility: System Administrator. IA Controls: ECWN-1
SV-40283r1_rule WIR-MOS-AND-045-02 MEDIUM Mobile OS devices (smartphones / tablets) must have a device integrity validation tool baseline scan on file. The purpose of this scan is to determine if there has been an unexplained change in the mobile OS file system indicating the device has been compromised by malware or by rooting the device. A baseline scan provides a known good condition to compare with subsequent scans. A new baseline scan should be completed after the installation or removal of an application. Responsibility: System Administrator, Information Assurance Officer. IA Controls: ECWN-1
SV-40286r1_rule WIR-MOS-AND-045-03 MEDIUM Mobile OS devices (smartphones/tablets) device integrity validation scan interval must be 6 hours or less. The purpose of this scan is to determine if there has been an unexplained change in the mobile OS file system that may indicate the device has been compromised by malware or by rooting the device. Responsibility: System Administrator, Information Assurance Officer. IA Controls: ECWN-1
SV-40290r1_rule WIR-MOS-AND-045-04 MEDIUM Mobile OS device integrity tool scans must be reviewed daily by the system administrator or IAO (or continuously by a server). If mitigation actions identified by the Mobile OS device integrity tool are not implemented, DoD data and the enclave could be at risk of being compromised. Responsibility: System Administrator, Information Assurance Officer. IA Controls: ECWN-1
SV-68195r1_rule WIR-MOS-AND-999 CCI-000366 HIGH Android 2.2 Dell mobile operating systems that are no longer supported by the vendor for security updates must not be installed on a system. Android 2.2 Dell mobile operating systems that are no longer supported by the vendor for security updates are not evaluated or updated for vulnerabilities, leaving them open to potential attack. Organizations must transition to a supported mobile operating system to ensure continued support.