The LG Android 5.0 platform must be configured to fully wipe protected data upon unenrollment from the MDM.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-58791	LGA5-10-001300	SV-73221r1_rule		Medium

Description
When a mobile device is no longer going to be managed by MDM technologies, its protected/sensitive data must be sanitized because it will no longer be protected by the MDM software, so it is at much greater risk of unauthorized access and disclosure. SFR ID: FMT_SMF.1.1 #42

STIG	Date
LG Android 5.x Interim Security Configuration Guide	2015-09-22

Details

Check Text ( C-59635r1_chk )
This validation procedure is performed on the MDM Administration Console. Check whether the appropriate setting is configured on the MDM Administration Console: 1. Ask the MDM administrator to verify on the MDM console the "Device + SD Card Wipe" setting is automatically implemented upon unenrollment of the device from the MDM. If the "Device + SD Card Wipe" setting is not enabled upon device unenrollment from the MDM, this is a finding.

Check Text ( C-59635r1_chk )

This validation procedure is performed on the MDM Administration Console.

Check whether the appropriate setting is configured on the MDM Administration Console:
1. Ask the MDM administrator to verify on the MDM console the "Device + SD Card Wipe" setting is automatically implemented upon unenrollment of the device from the MDM.

If the "Device + SD Card Wipe" setting is not enabled upon device unenrollment from the MDM, this is a finding.

Fix Text (F-64175r1_fix)
Configure the mobile device to wipe protected data from the device when it is unenrolled from MDM. On the MDM Administration Console, set the MDM to automatically enable the "Device + SD Card Wipe" when the device is unenrolled from the MDM.