The Google Android 14 BYOAD must be configured so that the work profile is removed if the device is no longer receiving security or software updates.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-260068 | GOOG-14-801000 | SV-260068r948409_rule | CCI-000366 | medium |
| Description | ||||
| When a BYOAD is out of compliance, DOD data and apps must be removed to protect against compromise of sensitive DOD information. Reference: DOD policy "Use of Non-Government Mobile Devices" (3.b.(1)ii). SFR ID: FMT_SMF_EXT.1.1 #47 | ||||
| STIG | Date | |||
| Google Android 14 BYOAD Security Technical Implementation Guide | 2024-02-16 | |||
Related Frameworks
4 paths across 3 frameworks
Related Frameworks
NIST 800-531 mapping
CM-6
1.00
- DISA · V1R1 · disa_xccdf · related
- DISA · 2025-01-23 · disa_cci_list · equivalent
NIST 800-1712 mappings
3.4.1
1.00
- DISA · V1R1 · disa_xccdf · related
- DISA · 2025-01-23 · disa_cci_list · equivalent
- NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
3.4.2
1.00
- DISA · V1R1 · disa_xccdf · related
- DISA · 2025-01-23 · disa_cci_list · equivalent
- NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
CCI1 mapping
CCI-000366
1.00
- DISA · V1R1 · disa_xccdf · related
Details
Check Text (C-260068r948409_chk)
Verify the EMM system is configured to wipe the work profile if the Google Android 14 BYOAD is no longer receiving security or software updates. The exact procedure will depend on the EMM system used at the site.
If the EMM system is not configured to wipe the work profile if the Google Android 14 BYOAD is no longer receiving security or software updates, this is a finding.
Fix Text (F-63706r948408_fix)
Configure the EMM system so the work profile is removed if the Google Android 14 BYOAD is no longer receiving security or software updates. The exact procedure will depend on the EMM system used at the site.