Google Android 16 must disable the user's ability to wipe the device.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-276889 | GOOG-16-013000 | SV-276889r1188340_rule | CCI-000366 | medium |
| Description | ||||
| This feature must be disabled to comply with DOD electronic records retention requirements for mobile devices. Otherwise, mobile device users could wipe the device, which would violate DOD policy. SFR ID: FMT_MOF_EXT.1.2 #47 | ||||
| STIG | Date | |||
| Google Android 16 COPE Security Technical Implementation Guide | 2026-02-12 | |||
Related Frameworks
4 paths across 3 frameworks
Related Frameworks
NIST 800-531 mapping
CM-6
1.00
- DISA · V1R2 · disa_xccdf · related
- DISA · 2025-01-23 · disa_cci_list · equivalent
NIST 800-1712 mappings
3.4.1
1.00
- DISA · V1R2 · disa_xccdf · related
- DISA · 2025-01-23 · disa_cci_list · equivalent
- NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
3.4.2
1.00
- DISA · V1R2 · disa_xccdf · related
- DISA · 2025-01-23 · disa_cci_list · equivalent
- NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
CCI1 mapping
CCI-000366
1.00
- DISA · V1R2 · disa_xccdf · related
Details
Check Text (C-276889r1188340_chk)
Verify the Android device user has been trained to not perform a factory wipe without the approval of the authorizing official (AO). Confirm by reviewing the site's mobile device training records or the User Agreement. This is a User-Based Enforcement (UBE) control.
If the Android device user has not been trained to not perform a factory wipe without the approval of the AO, this is a finding.
Fix Text (F-80949r1188339_fix)
Train users to not perform a factory reset on the Android device without AO approval. Document training via the site's mobile device training records or the User Agreement. This is a UBE control.
Note: It is not possible for the MDM to enforce this control when the Android device is deployed in COPE mode.