The Google Android 14 work profile must be configured to prevent users from adding personal email accounts to the work email app.

An XCCDF Rule

Description

<VulnDiscussion>If the user is able to add a personal email account (POP3, IMAP, EAS) to the work email app, it could be used to forward sensitive DOD data to unauthorized recipients. Restricting email account addition to the administrator or restricting email account addition to allowlisted accounts mitigates this vulnerability. SFR ID: FMT_SMF_EXT.1.1 #47</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID: SV-258432r928321_rule
Severity: Medium
References: CCI-000366
Updated: 8 months ago

Configure the Google Android 14 device to prevent users from adding personal email accounts to the work email app. 
 
On the EMM console: 

COPE:
1. Open "Set user restrictions".
2. Toggle "Disallow modify accounts" to "ON".

Refer to the EMM documentation to determine how to provision users' work email accounts for the work email app.

The Google Android 14 work profile must be configured to prevent users from adding personal email accounts to the work email app.

Description

Remediation - Manual Procedure