On all Honeywell Mobility Edge Android Pie devices, cryptography must be configured to be in FIPS 140-2 validated mode.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-235093	HONW-09-008400	SV-235093r626530_rule		High

Description
Unapproved cryptographic algorithms cannot be relied upon to provide confidentiality or integrity, and DoD data could be compromised as a result. The Honeywell Android devices common vulnerabilities with cryptographic modules are those associated with poor implementation. FIPS 140-2 validation provides assurance that the relevant cryptography has been implemented correctly. FIPS 140-2 validation is also a strict requirement for use of cryptography in the Federal Government for protecting unclassified data. SFR ID: FCS

Description

Unapproved cryptographic algorithms cannot be relied upon to provide confidentiality or integrity, and DoD data could be compromised as a result. The Honeywell Android devices common vulnerabilities with cryptographic modules are those associated with poor implementation. FIPS 140-2 validation provides assurance that the relevant cryptography has been implemented correctly. FIPS 140-2 validation is also a strict requirement for use of cryptography in the Federal Government for protecting unclassified data. SFR ID: FCS

STIG	Date
Honeywell Android 9.x COBO Security Technical Implementation Guide	2021-01-25

Details

Check Text ( C-38312r623104_chk )
Review Honeywell Android device configuration settings to determine if the mobile device is in FIPS enforce mode. This validation procedure is performed on the Android Pie device. On the Honeywell Android Pie device: 1. Open Settings >> Honeywell Settings >> FIPS Enforce Mode. 2. Verify the option of "FIPS Enforce Mode" is enabled. If the option of "FIPS Enforce Mode" is disabled on the Honeywell Android Pie device, this is a finding.

Check Text ( C-38312r623104_chk )

Review Honeywell Android device configuration settings to determine if the mobile device is in FIPS enforce mode.

This validation procedure is performed on the Android Pie device.

On the Honeywell Android Pie device:

1. Open Settings >> Honeywell Settings >> FIPS Enforce Mode.
2. Verify the option of "FIPS Enforce Mode" is enabled.

If the option of "FIPS Enforce Mode" is disabled on the Honeywell Android Pie device, this is a finding.

Fix Text (F-38275r623100_fix)
Configure the Honeywell Android device to enable FIPS mode. On the MDM console: 1. Ask the MDM Administrator to edit the following item in DeviceConfig.xml: Modify item: DeviceConfig >> HoneywellSetting >> EnforceOSFipsMode Value sample: 1: Enable OS FIPS mode; 0: Disable OS FIPS mode 2. In MDM console, the MDM Administrator will package this DeviceConfig.xml and push this package to the CN80G device. On the Honeywell Android Pie device: 1. Open Settings >> Honeywell Settings >> FIPS Enforce Mode. 2. Enable FIPS Enforce mode.

Fix Text (F-38275r623100_fix)

Configure the Honeywell Android device to enable FIPS mode.

On the MDM console:
1. Ask the MDM Administrator to edit the following item in DeviceConfig.xml:
Modify item: DeviceConfig >> HoneywellSetting >> EnforceOSFipsMode
Value sample: 1: Enable OS FIPS mode; 0: Disable OS FIPS mode
2. In MDM console, the MDM Administrator will package this DeviceConfig.xml and push this package to the CN80G device.

On the Honeywell Android Pie device:
1. Open Settings >> Honeywell Settings >> FIPS Enforce Mode.
2. Enable FIPS Enforce mode.