Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-58817 | LGA5-20-001300 | SV-73247r1_rule | Low |
Description |
---|
To ensure notice of and consent to the terms of the DoD standard user agreement, an Android app must display a consent banner. Additionally, the app must prevent further activity in the application unless and until the user executes a positive action to manifest agreement, such as by tapping an acceptance button in the app. By preventing access to the system until the user accepts the conditions, legal requirements are met to protect the DoD and to remind users the device is designed and implemented for business use. Additional information is found in DoD Instruction 8500.01. SFR ID: FMT_SMF.1.1 #42 |
STIG | Date |
---|---|
LG Android 5.x Interim Security Configuration Guide | 2015-09-22 |
Check Text ( C-59661r2_chk ) |
---|
Note: the following procedure is exactly the same as requirement LGA5-10-001100. The procedure only needs to be performed once. This validation procedure is performed on both the MDM Administration Console and the LG Android device. Check whether the appropriate setting is configured on the MDM Administration Console: 1. Ask the MDM administrator to display the "Enforce warning banner" setting in the MDM console. 2. Verify the Enforce warning banner has been set up and the wording is exactly as specified in the Vulnerability Discussion. On the LG Android device: 1. Reboot the device and verify the warning banner is displayed. 2. Verify the required text is displayed and the user must click "Agree" after checking "I understand and agree to this". If the "Enforce warning banner" setting is not set, does not show the required text, or if device does not show the Warning banner after every device reboot, this is a finding. |
Fix Text (F-64201r1_fix) |
---|
Configure the mobile device to enforce warning banner. On the MDM Administration Console, set the "Enforce warning banner" with the required text. |