Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-242557 | ZEBR-10-009200 | SV-242557r714516_rule | Medium |
Description |
---|
If the user is able to add a personal email account (POP3, IMAP, EAS) to the work email app, it could be used to forward sensitive DoD data to unauthorized recipients. Restricting email account addition to the administrator or restricting email account addition to whitelisted accounts mitigates this vulnerability. SFR ID: FMT_SMF_EXT.1.1 #47 |
STIG | Date |
---|---|
Zebra Android 10 COPE Security Technical Implementation Guide | 2021-05-27 |
Check Text ( C-45832r714514_chk ) |
---|
Review the Zebra Android 10 Work Profile configuration settings to confirm that users are prevented from adding personal email accounts to the work email app. This procedure is performed on both the MDM Administrator console and the Zebra Android 10 device. On the MDM console: 1. Open User restrictions. 2. Verify that "Disallow modify accounts" is set to On. On the Zebra Android 10 device: 1. Open Settings. 2. Tap "Accounts". 3. Verify that "Add account" is grayed out under the Work section. If on the MDM console the restriction to "Disallow modify accounts" is not set or on the Zebra Android 10 device the user is able to add an account in the Work section, this is a finding. |
Fix Text (F-45789r714515_fix) |
---|
Configure Zebra Android 10 Work Profile to prevent users from adding personal email accounts to the work email app. On the MDM console, for the Work Profile: 1. Open User restrictions. 2. Set "Disallow modify accounts" to On. Refer to the MDM documentation to determine how to provision users' work email accounts for the work email app. |