Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-254799 | GOOG-13-012400 | SV-254799r862779_rule | Low |
Description |
---|
It may be possible to transfer work profile data on a DOD Android device to an unauthorized ChromeBook if the user has the same Google Account set up on the ChromeBook and in the work profile on the Android device. This may result in the exposure of sensitive DOD data. SFR ID: FMT_MOF_EXT.1.2 #47 |
STIG | Date |
---|---|
Google Android 13 COPE Security Technical Implementation Guide | 2022-10-13 |
Check Text ( C-58410r862777_chk ) |
---|
Review the EMM configuration to confirm phone hub has been disabled. On the EMM console: 1. Open "Set user restrictions". 2. Verify "Nearby notification streaming policy" is set to "NEARBY_STREAMING_DISABLED". If on EMM console the "Nearby Streaming Policy" is not set to "NEARBY_STREAMING_DISABLED", this is a finding. Note: From a Chromebook, if a device is connected to the Phone Hub, try to set up the Notifications and it will fail to connect to the device to complete the set up if phone hub has been disabled on the DOD Android device. |
Fix Text (F-58356r862778_fix) |
---|
Configure Google Android 13 device to disable the nearby notification streaming policy to disable Phone Hub. COPE and COBO: On the EMM console: 1. Open "Set user restrictions". 2. Toggle "Nearby Streaming Policy" to "NEARBY_STREAMING_DISABLED". |