Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-235053 | HONW-09-007150 | SV-235053r626530_rule | | Medium |
Description |
---|
When a mobile device is no longer going to be managed by MDM technologies, its protected/sensitive data must be sanitized because it will no longer be protected by the MDM software, so it is at much greater risk of unauthorized access and disclosure. At least one of the two options must be selected. SFR ID: FMT_SMF_EXT.2.1 |
STIG | Date |
---|---|
Honeywell Android 9.x COBO Security Technical Implementation Guide | 2021-01-25 |
Check Text (C-38241r623069_chk) |
---|
Review Honeywell Android device configuration settings to determine if the mobile device is configured to prohibit the user from unenrolling the Honeywell device from MDM management. This validation procedure is performed only on the MDM Administration console. On the MDM console: Ensure "Disallow remove managed profile" is enabled. If the MDM console device policy is not configured to prohibit the user from unenrolling the Honeywell device from MDM management, this is a finding. |
Fix Text (F-38204r623070_fix) |
---|
On the MDM console: Enable "Disallow remove managed profile". Prior to unenrollment, the MDM administrator should issue a factory reset to ensure all data is wiped by doing the following in the MDM console: Wipe data. |