Detections
Analytics

MobileIron - DISA Google Android 13 BYOD v1r2

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

View Next Version

Audit Details

Name: MobileIron - DISA Google Android 13 BYOD v1r2

Updated: 3/13/2026

Authority: DISA STIG

Plugin: MDM

Revision: 1.2

Estimated Item Count: 23

File Details

Filename: DISA_STIG_Google_Android_13_BYOD_v1r2-MobileIron.audit

Size: 48.8 kB

MD5: a85edc68c81d477b20a918632630e021
SHA256: 38561f7f075f9c0a0700a585a785a4ef4116a21b8ebcc59f3d544f43371a9671

Audit Items

DescriptionCategories
GOOG-13-701100 - Google Android 13 must prohibit DOD VPN profiles in the Personal Profile.
GOOG-13-706000 - Google Android 13 must be configured to enforce a minimum password length of six characters and not allow passwords that include more than four repeating or sequential characters.
GOOG-13-706200 - Google Android 13 must be configured to enable a screen-lock policy that will lock the display after a period of inactivity.
GOOG-13-706300 - Google Android 13 must be configured to lock the display after 15 minutes (or less) of inactivity - or less of inactivity.
GOOG-13-706400 - Google Android 13 must be configured to not allow more than 10 consecutive failed authentication attempts.
GOOG-13-706500 - Google Android 13 must be configured to enforce an application installation policy by specifying one or more authorized application repositories.
GOOG-13-706600 - Google Android 13 must be configured to enforce an application installation policy by specifying an application allowlist that restricts applications by the following characteristics: [selection: list of digital signatures, cryptographic hash values, names, application version].
GOOG-13-706700 - Google Android 13 allowlist must be configured to not include applications with the following characteristics (work profile only):
GOOG-13-706800 - Google Android 13 must be configured to not display the following (work profile) notifications when the device is locked:
GOOG-13-707200 - Google Android 13 must be configured to disable trust agents - NOTE: This requirement is not applicable (NA) for specific biometric authentication factors included in the product's Common Criteria evaluation.
GOOG-13-707700 - Google Android 13 must be configured to display the DOD advisory warning message at startup or each time the user unlocks the Work Profile.
GOOG-13-708600 - Google Android 13 must be configured to not allow backup of all work profile applications to remote systems.
GOOG-13-708900 - Google Android 13 must be configured to disable exceptions to the access control policy that prevent [selection: application processes, groups of application processes] from accessing [selection: all, private] data stored by other [selection: application processes, groups of application processes].
GOOG-13-709800 - Google Android 13 users must complete required training.
GOOG-13-710000 - Google Android 13 must have the DOD root and intermediate PKI certificates installed (work profile only).
GOOG-13-710100 - The Google Android 13 work profile must be configured to prevent users from adding personal email accounts to the work email app.
GOOG-13-710200 - The Google Android 13 work profile must be configured to enforce the system application disable list (work profile only).
GOOG-13-710300 - Google Android 13 must be provisioned as a BYOAD device (Android work profile for employee-owned devices [BYOD]).
GOOG-13-710400 - The Google Android 13 work profile must be configured to disable automatic completion of workspace internet browser text input.
GOOG-13-710500 - The Google Android 13 work profile must be configured to disable the autofill services.
GOOG-13-710800 - Android 13 devices must have the latest available Google Android 13 operating system installed.
GOOG-13-710900 - Android 13 devices must be configured to disable the use of third-party keyboards (work profile only).
GOOG-13-712300 - The Google Android 13 must allow only the administrator (EMM) to install/remove DOD root and intermediate PKI certificates (work profile) - EMM to install/remove DOD root and intermediate PKI certificates.