The mobile device used for BYOAD must be NIAP validated.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-260074 | GOOG-14-802800 | SV-260074r948427_rule | CCI-000366 | medium |
| Description | ||||
| Nonapproved mobile devices may not include sufficient controls to protect work data, applications, and networks from malware or adversary attack. Components must only approve devices listed on the NIAP compliant product list or products listed in evaluation at the following links respectfully: - https://www.niap-ccevs.org/Product/ - https://www.niap-ccevs.org/Product/PINE.cfm Reference: DOD policy "Use of Non-Government Mobile Devices" (3.b.(1)i). SFR ID: FMT_SMF_EXT.1.1 #47 | ||||
| STIG | Date | |||
| Google Android 14 BYOAD Security Technical Implementation Guide | 2024-02-16 | |||
Related Frameworks
4 paths across 3 frameworks
Related Frameworks
NIST 800-531 mapping
CM-6
1.00
- DISA · V1R1 · disa_xccdf · related
- DISA · 2025-01-23 · disa_cci_list · equivalent
NIST 800-1712 mappings
3.4.1
1.00
- DISA · V1R1 · disa_xccdf · related
- DISA · 2025-01-23 · disa_cci_list · equivalent
- NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
3.4.2
1.00
- DISA · V1R1 · disa_xccdf · related
- DISA · 2025-01-23 · disa_cci_list · equivalent
- NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
CCI1 mapping
CCI-000366
1.00
- DISA · V1R1 · disa_xccdf · related
Details
Check Text (C-260074r948427_chk)
Verify the mobile device used for BYOAD is NIAP validated (included on the NIAP list of compliant products or products in evaluation).
If the mobile device used for BYOAD is not NIAP validated (included on the NIAP list of compliant products or products in evaluation), this is a finding.
Fix Text (F-63712r948426_fix)
Use only mobile devices for BYOAD that are NIAP validated (included on the NIAP list of compliant products or products in evaluation).