Microsoft Android 11 COPE Security Technical Implementation Guide
Rules, Groups, and Values defined within the XCCDF Benchmark
-
Microsoft Android 11 must be configured to disable exceptions to the access control policy that prevent application processes from accessing all data stored by other application processes.
App data sharing gives apps the ability to access the data of other apps for enhanced user functionality. However, sharing also poses a significant risk that unauthorized users or apps will obtain ...
Rule Medium Severity -
PP-MDF-301280
Group -
Microsoft Android 11 must be configured to disable multi-user modes.
Multi-user mode allows multiple users to share a mobile device by providing a degree of separation between user data. To date, no mobile device with multi-user mode features meets DOD requirements ...
Rule Medium Severity -
PP-MDF-302340
Group -
The mobile operating system must allow only the Administrator (MDM) to perform the following management function: Enable/disable location services.
If a user is able to configure the security setting, the user could inadvertently or maliciously set it to a value that poses unacceptable risk to DOD information systems. An adversary could exploi...
Rule Low Severity -
PP-MDF-302360
Group -
PP-MDF-302370
Group -
Microsoft Android 11 must be configured to enable audit logging.
Audit logs enable monitoring of security-relevant events and subsequent forensics when breaches occur. To be useful, Administrators must have the ability to view the audit logs. SFR ID: FMT_SMF_EX...
Rule Medium Severity -
PP-MDF-301420
Group -
PP-MDF-991000
Group -
Microsoft Android 11 users must complete required training.
The security posture of Android devices requires the device user to configure several required policy rules on their device. User-Based Enforcement (UBE) is required for these controls. In addition...
Rule Medium Severity -
PP-MDF-991000
Group -
Microsoft Android 11 must be configured to enforce that Wi-Fi Sharing is disabled.
Wi-Fi Sharing is an optional configuration of Wi-Fi Tethering/Mobile Hotspot, which allows the device to share its Wi-Fi connection with other wirelessly connected devices instead of its mobile (ce...
Rule Medium Severity -
PP-MDF-991000
Group -
Microsoft Android 11 must have the DOD root and intermediate PKI certificates installed.
DOD root and intermediate PKI certificates are used to verify the authenticity of PKI certificates of users and web services. If the root and intermediate certificates are not available, an adversa...
Rule Medium Severity -
PP-MDF-992000
Group -
PP-MDF-991000
Group -
The Microsoft Android 11 Work Profile must be configured to prevent users from adding personal email accounts to the work email app.
If the user is able to add a personal email account (POP3, IMAP, EAS) to the work email app, it could be used to forward sensitive DOD data to unauthorized recipients. Restricting email account add...
Rule Medium Severity -
PP-MDF-991000
Group -
PP-MDF-991000
Group