UCF STIG Viewer Logo

LG Android 6.x must protect data at rest on removable storage media.


Overview

Finding ID Version Rule ID IA Controls Severity
V-66825 LGA6-20-101201 SV-81315r2_rule High
Description
The mobile operating system must ensure the data being written to the mobile device's removable media is protected from unauthorized access. If data at rest is unencrypted, it is vulnerable to disclosure. Even if the operating system enforces permissions on data access, an adversary can read removable media directly, thereby circumventing operating system controls. Encrypting the data ensures confidentiality is protected even when the operating system is not running. SFR ID: FMT_SMF_EXT.1.1 #26
STIG Date
LG Android 6.x Security Technical Implementation Guide 2019-02-21

Details

Check Text ( C-67475r2_chk )
This validation procedure is performed on both the MDM Administration Console and the LG Android device.

On the MDM console, do the following:

1. Ask the MDM administrator to display the "Encryption" setting in the MDM console.
2. Verify "Storage Card Encryption" is enabled.
3. Verify the policy has been assigned to all groups.

On the LG Android device:

1. Unlock the device.
2. Navigate to Settings >> General >> Security (or Fingerprints & security).
3. Verify "Encrypt SD card storage" is enabled and cannot be disabled.

If on the MDM console the "Storage Card Encryption" is not enabled or if LG Android device "Encrypt SD card storage" is not enabled and grayed out, this is a finding.
Fix Text (F-72925r2_fix)
Configure the mobile operating system to enable data-at-rest protection for removable media.

On the MDM Administration Console, enable "Storage Card Encryption" for removable media.