Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-58805 | LGA5-20-000502 | SV-73235r1_rule | Medium |
Description |
---|
If the mobile operating system were to display notifications or calendar information on the lock screen, an adversary may be able to gather sensitive data without needing to Unlock the device. This adversary may use this gathered intelligence to plan future attacks and possibly a physical attack. By disabling notifications on the lock screen, this prevents sensitive data from being displayed openly on the device’s lock screen. SFR ID: FMT_MOF.1.1(2) #12 |
STIG | Date |
---|---|
LG Android 5.x Interim Security Configuration Guide | 2015-09-22 |
Check Text ( C-59649r1_chk ) |
---|
This validation procedure is performed on both the MDM Administration Console and the LG Android device. Check whether the appropriate setting is configured on the MDM Administration Console: 1. Ask the MDM administrator to display the "Allow Contact info Access on lockscreen" setting in the MDM console. 2. Verify the setting is disabled. On the LG Android 5.0 platform device: 1. Unlock the device 2. Add a phone number in the Contacts with contact name. 3. Lock the LG device. 4. Call the LG device from another phone. 5. Verify the LG device displays the incoming call phone number but not the contact name. If "Allow Contact info Access on lockscreen" setting on the MDM is not set correctly, or if the contact name is displayed on the locked screen for a received call on the LG device, this is a finding. |
Fix Text (F-64189r1_fix) |
---|
Configure the mobile device to disable contact info access on lockscreen. On the MDM Administration Console, set the "Allow Contact info Access on lockscreen" to disable. |