Verify the EMM system supporting the Google Android 13 BYOAD has been configured to conduct autonomous monitoring, compliance, and validation to ensure security/configuration settings of mobile devices do not deviate from the approved configuration baseline. The exact procedure will depend on the EMM system used at the site. If the EMM system supporting the Google Android 13 BYOAD has not been configured to conduct autonomous monitoring, compliance, and validation to ensure security/configuration settings of mobile devices, this is a finding.
Configure the EMM system supporting the Google Android 13 BYOAD to conduct autonomous monitoring, compliance, and validation to ensure security/configuration settings of mobile devices do not deviate from the approved configuration baseline. The exact procedure will depend on the EMM system used at the site.
Verify the EMM system supporting the Google Android 13 BYOAD has been configured to initiate autonomous monitoring, compliance, and validation prior to granting the BYOAD access to DOD information and IT resources. The exact procedure will depend on the EMM system used at the site. If the EMM system supporting the Google Android 13 BYOAD has not been configured to initiate autonomous monitoring, compliance, and validation prior to granting the BYOAD access to DOD information and IT resources, this is a finding.
Configure the EMM system supporting the Google Android 13 BYOAD to initiate autonomous monitoring, compliance, and validation prior to granting the BYOAD access to DOD information and IT resources. The exact procedure will depend on the EMM system used at the site.
Verify the EMM system supporting the Google Android 13 BYOAD has been configured to detect if the BYOAD native security controls are disabled. The exact procedure will depend on the EMM system used at the site. If the EMM system supporting the Google Android 13 BYOAD is not configured to detect if the BYOAD native security controls are disabled, this is a finding.
Configure the EMM system supporting the Google Android 13 BYOAD to detect if the BYOAD native security controls are disabled. The exact procedure will depend on the EMM system used at the site.
Verify an app vetting process is being used to vet apps before work profile apps are placed in the MDM app repository. If an app vetting process is not being used to vet apps before work profile apps are placed in the MDM app repository, this is a finding.
Implement an app vetting process before work profile apps are placed in the MDM app repository.
Verify the EMM detection/monitoring system is configured to use continuous monitoring of enrolled Google Android 13 BYOAD. The exact procedure will depend on the EMM system used at the site. If the EMM detection/monitoring system is not configured to use continuous monitoring of enrolled Google Android 13 BYOAD, this is a finding.
Configure the EMM detection/monitoring system to use continuous monitoring of enrolled Google Android 13 BYOAD. The exact procedure will depend on the EMM system used at the site.
Verify the EMM has been configured to either disable access to DOD data, IT systems, and user accounts on the Google Android 13 BYOAD or wipe the work profile if it has been detected that native BYOAD security controls are disabled (e.g., jailbroken/rooted). The exact procedure will depend on the EMM system used at the site. If the EMM has not been configured to either disable access to DOD data, IT systems, and user accounts on the Google Android 13 BYOAD or wipe the work profile if it has been detected that native BYOAD security controls are disabled, this is a finding.
Configure the EMM to either disable access to DOD data and IT systems and user accounts on the Google Android 13 BYOAD or wipe the work profile if it has been detected that native BYOAD security controls are disabled (e.g., jailbroken/rooted). The exact procedure will depend on the EMM system used at the site.
Verify the EMM system has been configured to either disable access to DOD data and IT systems and user accounts or wipe the work profile if it has detected the Google Android 13 BYOAD device has known malicious, blocked, or prohibited managed applications, or is configured to access nonapproved third-party application stores for managed apps. The exact procedure will depend on the EMM system used at the site. If the EMM system has not been configured to either disable access to DOD data and IT systems and user accounts or wipe the work profile if it has detected the Google Android 13 BYOAD device has known malicious, blocked, or prohibited managed applications, or is configured to access nonapproved third-party application stores for managed apps, this is a finding.
Configure the EMM system to either disable access to DOD data and IT systems and user accounts or wipe the work profile if it has detected the Google Android 13 BYOAD device has known malicious, blocked, or prohibited managed applications, or is configured to access nonapproved third-party application stores for managed apps. The exact procedure will depend on the EMM system used at the site.
Verify the EMM system is configured to wipe the work profile if the Google Android 13 BYOAD is no longer receiving security or software updates. The exact procedure will depend on the EMM system used at the site. If the EMM system is not configured to wipe the work profile if the Google Android 13 BYOAD is no longer receiving security or software updates, this is a finding.
Configure the EMM system so the work profile is removed if the Google Android 13 BYOAD is no longer receiving security or software updates. The exact procedure will depend on the EMM system used at the site.
Verify the EMM system and DOD enterprise have been configured to limit the Google Android 13 BYOAD access to only AO-approved enterprise IT resources. The exact procedure will depend on the EMM system used and IT resources at the site. If the EMM system and DOD enterprise have not been configured to limit Google Android 13 BYOAD access to only AO-approved enterprise IT resources, this is a finding.
Configure the EMM system and DOD enterprise to limit the Google Android 13 BYOAD access to only AO-approved enterprise IT resources. The exact procedure will depend on the EMM system used and IT resources at the site.
Verify the EMM system supporting the Google Android 13 BYOAD is NIAP-validated (included on the NIAP list of compliant products or products in evaluation). If not, verify the DOD CIO has granted an Approved Exception to Policy (E2P). Note: For a VMI solution, both the client and server components must be NIAP compliant. If the EMM system supporting the Google Android 13 BYOAD is not NIAP-validated (included on the NIAP list of compliant products or products in evaluation) and the DOD CIO has not granted an Approved Exception to Policy (E2P), this is a finding.
Only use an EMM system supporting the Google Android 13 BYOAD that is NIAP validated (included on the NIAP list of compliant products or products in evaluation), unless the DOD CIO has granted an Approved Exception to Policy (E2P). Note: For a VMI solution, both the client and server components must be NIAP compliant.
Verify the user agreement includes a description of what personal data and information is being monitored, collected, or managed by the EMM system or deployed agents or tools. If the user agreement does not include a description of what personal data and information is being monitored, collected, or managed by the EMM system or deployed agents or tools, this is a finding.
Include a description of what personal data and information is being monitored, collected, or managed by the EMM system or deployed agents or tools in the user agreement.
Verify the DOD Mobile Service Provider or ISSO/ISSM does not allow BYOADs in facilities where personally owned mobile devices are prohibited. If the DOD Mobile Service Provider or ISSO/ISSM allows BYOADs in facilities where personally owned mobile devices are prohibited, this is a finding.
Do not allow BYOADs in facilities where personally owned mobile devices are prohibited.
Verify Google Android 13 BYOADs are prohibited in DOD facilities that prohibit mobile devices with cameras and microphones. If, for DOD sites that prohibit mobile devices with cameras and microphones, Google Android 13 BYOADs have not been prohibited from the facility by the ISSO/ISSM, this is a finding.
Do not allow Google Android 13 BYOADs in DOD facilities where mobile phone cameras and/or microphones are prohibited.
Verify the mobile device used for BYOAD is NIAP validated (included on the NIAP list of compliant products or products in evaluation). If the mobile device used for BYOAD is not NIAP validated (included on the NIAP list of compliant products or products in evaluation), this is a finding.
Use only mobile devices for BYOAD that are NIAP validated (included on the NIAP list of compliant products or products in evaluation).