Google Android 15 must be configured to enforce a password for Wi-Fi and Bluetooth hotspot, if approved for use by the authorizing official (AO). If not approved for use, Wi-Fi and Bluetooth hotspot must be disabled.

An XCCDF Rule

Description

<VulnDiscussion>Wi-Fi and Bluetooth hotspot use may increase the risk for exposing sensitive DOD data for some use cases, therefore it should be disabled unless approved by the AO. When a DOD mobile phone is used as a Wi-Fi or Bluetooth hotspot, a hotspot password must be enabled, otherwise unauthorized devices could connect to the DOD hotspot which may increase the risk of exposure of sensitive DOD data and/or a performance degradation of the DOD mobile phone. SFRID: FMT_SMF_EXT.1.1 / WLAN #3</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID: SV-267549r1031832_rule
Severity: Medium
References: CCI-000366
Updated: 18 days ago

Disable hotspot functions on the DOD phone if not approved by the AO. 

On the EMM console:

COBO:
1. Open "Set user restrictions".
2. Toggle "Disallow config tethering" to "ON".

COPE:

1. Open "Set user restrictions on parent".
2. Toggle "Disallow config tethering" to "ON".

If the use of Wi-Fi and Bluetooth hotspots has been approved by the AO, train the user to not change the default hotspot password (see GOOG-15-009800). By default, when Wi-Fi Hotspot is enabled, a 15-character complex password is automatically configured for the hotspot.

Google Android 15 must be configured to enforce a password for Wi-Fi and Bluetooth hotspot, if approved for use by the authorizing official (AO). If not approved for use, Wi-Fi and Bluetooth hotspot must be disabled.

Description

Remediation - Manual Procedure