The Google Android 15 work profile must be configured to prevent users from adding personal email accounts to the work email app.

An XCCDF Rule

Description

<VulnDiscussion>If the user is able to add a personal email account (POP3, IMAP, EAS) to the work email app, it could be used to forward sensitive DOD data to unauthorized recipients. Restricting email account addition to the administrator or restricting email account addition to allow listed accounts mitigates this vulnerability. SFRID: FMT_SMF.1.1 #47</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID: SV-267551r1033120_rule
Severity: Medium
References: CCI-000366
Updated: 16 days ago

Configure the Google Android 15 device to prevent users from adding personal email accounts to the work email app. 
 
On the EMM console: 

COPE:
1. Open "Set user restrictions".
2. Toggle "Disallow modify accounts" to "ON".

Refer to the EMM documentation to determine how to provision users' work email accounts for the work email app.

The Google Android 15 work profile must be configured to prevent users from adding personal email accounts to the work email app.

Description

Remediation - Manual Procedure