On all Honeywell Mobility Edge Android Pie devices, cryptography must be configured to be in FIPS 140-2 validated mode.
Unapproved cryptographic algorithms cannot be relied upon to provide confidentiality or integrity, and DoD data could be compromised as a result. The Honeywell Android devices common vulnerabilities with cryptographic modules are those associated with poor implementation. FIPS 140-2 validation provides assurance that the relevant cryptography has been implemented correctly. FIPS 140-2 validation is also a strict requirement for use of cryptography in the Federal Government for protecting unclassified data.
SFR ID: FCS
Review Honeywell Android device configuration settings to determine if the mobile device is in FIPS enforce mode.
This validation procedure is performed on the Android Pie device.
On the Honeywell Android Pie device:
1. Open Settings >> Honeywell Settings >> FIPS Enforce Mode. 2. Verify the option of "FIPS Enforce Mode" is enabled.
If the option of "FIPS Enforce Mode" is disabled on the Honeywell Android Pie device, this is a finding.
Fix Text (F-38275r623100_fix)
Configure the Honeywell Android device to enable FIPS mode.
On the MDM console: 1. Ask the MDM Administrator to edit the following item in DeviceConfig.xml: Modify item: DeviceConfig >> HoneywellSetting >> EnforceOSFipsMode Value sample: 1: Enable OS FIPS mode; 0: Disable OS FIPS mode 2. In MDM console, the MDM Administrator will package this DeviceConfig.xml and push this package to the CN80G device.
On the Honeywell Android Pie device: 1. Open Settings >> Honeywell Settings >> FIPS Enforce Mode. 2. Enable FIPS Enforce mode.