
Android 2.2 (Dell) Security Technical Implementation Guide


Overview

Date: 2011-11-28
Finding Count: 49 (CAT I (High): 3, CAT II (Med): 36, CAT III (Low): 10)
STIG Description
This STIG contains technical security controls required for the use of the Android 2.2 (Dell version) mobile operating system in the DoD environment when managed by the Good Mobility Suite.

Findings (MAC I - Mission Critical Sensitive)

Finding ID Severity Title
V-24986 High All non-core applications on the mobile OS device must be approved by the DAA or Command IT Configuration Control Board.
V-29894 High A security risk analysis must be performed on a mobile operating system (OS) application by the DAA or DAA authorized approval authority prior to the application being approved for use.
V-25007 High Smartphones must be configured to require a password/passcode for device unlock.
V-25003 Medium A compliance rule must be set up in the server defining required mobile OS software versions.
V-18856 Medium Removable memory cards (e.g., MicroSD) must have data stored on the card encrypted with a FIPS 140-2 validated cryptographic module.
V-27635 Medium Remote full device wipe must be enabled.
V-27632 Medium Enable remote SD card wipe must be configured.
V-27633 Medium Allow SD card encryption must be configured.
V-27630 Medium Enable Full Device Lock must be set.
V-28295 Medium The smartphone removable memory card (e.g., MicroSD) must be bound to the PDA or smartphone so it may not be read by any other PED or computer.
V-28297 Medium The smartphone password/passcode complexity (alphanumeric) must be set.
V-25019 Medium The smartphone Bluetooth radio must be disabled if not authorized for use.
V-30193 Medium The Bluetooth configuration application must be installed on the Android device.
V-24983 Medium S/MIME must be installed on smartphones so users can sign/encrypt email.
V-25016 Medium Device minimum password/passcode length must be set.
V-25017 Medium The smartphone Auto-Lock must be set.
V-25010 Medium The smartphone inactivity timeout must be set.
V-25011 Medium Password/passcode maximum failed attempts must be set to required value.
V-25012 Medium Access to public application stores must be disabled.
V-25013 Medium Users must not be allowed to download applications on smartphones without SA control.
V-29949 Medium A compliance rule must be set up in the server defining required mobile OS software build version.
V-25842 Medium The site must set up local operating procedures for initial provisioning and subsequent software and application updates using the procedures published in the STIG Overview document.
V-19899 Medium All wireless PDA and smartphone client VPNs must have split tunneling disabled.
V-19898 Medium All wireless PDA clients used for remote access to DoD networks must have a VPN supporting CAC authentication.
V-30566 Medium Mobile OS devices (smartphones / tablets) must have a device integrity validation tool baseline scan on file.
V-30567 Medium Mobile OS devices (smartphones/tablets) device integrity validation scan interval must be 6 hours or less.
V-30250 Medium Mitigation actions identified by Mobile OS device integrity tool scans on site managed Mobile OS devices must be implemented.
V-30568 Medium Mobile OS device integrity tool scans must be reviewed daily by the system administrator or IAO (or continuously by a server).
V-19897 Medium All wireless PDA clients used for remote access to DoD networks must enable AES encryption for the VPN.
V-27629 Medium Full Device Administration must be implemented on the smartphone.
V-25022 Medium All smartphones must display the required banner during device unlock/logon.
V-24981 Medium Smartphone devices must have required operating system software versions installed.
V-27634 Medium VPN must be configured as required.
V-30249 Medium The results and mitigation actions from Mobile OS device integrity validation tool scans on site managed Mobile OS devices must be maintained by the site for at least 6 months (1 year recommended).
V-30248 Medium Mobile OS devices (smartphones/tablets) must have a system integrity validation application installed or have validation scanning, using a PC based tool, completed on the required schedule.
V-29529 Medium The smartphone USB port must be configured as required.
V-29524 Medium All mobile operating system (OS) device Bluetooth radio profiles must be disabled except for the serial port, handset and headset profiles.
V-29525 Medium The pairing of Bluetooth devices to DoD mobile OS devices must be controlled so only approved devices can pair to the smartphone.
V-18627 Medium The VPN client on wireless clients (PDAs, smartphones) used for remote access to DoD networks will be FIPS 140-2 validated. This check is not applicable if the installed VPN client is not used for remote access to DoD networks.
V-25051 Low Location services must be turned off on the smartphone during device provisioning.
V-27631 Low Enable remote device password reset must be set.
V-24982 Low Smart Card Readers (SCRs) used with smartphone must have required software version installed.
V-25018 Low The smartphone passcode history setting must be set.
V-26559 Low The Personal Hotspot feature of the mobile OS must be disabled if it does not meet DoD WLAN or Bluetooth security requirements and is not approved by the IAO.
V-25009 Low Maximum password/passcode age must be set.
V-24985 Low All Internet browsing on a DoD mobile operating system (OS) device will go through a DoD Internet proxy.
V-24984 Low If smartphone email auto signatures are used, the signature message must not disclose the email originated from a smartphone (e.g., “Sent From My Wireless Handheld”).
V-25014 Low Use of the smartphone camera must be approved and documented in site physical security policy.
V-25020 Low The smartphone device Wi-Fi radio must be disabled as the default setting and is enabled only when Wi-Fi connectivity is required.