| GOOG-16-002800 - Google Android 16 must be configured to enable audit logging. | AUDIT AND ACCOUNTABILITY |
| GOOG-16-006000 - Google Android 16 must be configured to enforce a minimum password length of six characters. | IDENTIFICATION AND AUTHENTICATION |
| GOOG-16-006100 - Google Android 16 must be configured to not allow passwords that include more than four repeating or sequential characters - Characters | IDENTIFICATION AND AUTHENTICATION |
| GOOG-16-006100 - Google Android 16 must be configured to not allow passwords that include more than four repeating or sequential characters - Numbers | IDENTIFICATION AND AUTHENTICATION |
| GOOG-16-006300 - Google Android 16 must be configured to lock the display after 15 minutes (or less) of inactivity - or less of inactivity. | ACCESS CONTROL |
| GOOG-16-006400 - Google Android 16 must be configured to not allow more than 10 consecutive failed authentication attempts. | ACCESS CONTROL |
| GOOG-16-006500 - Google Android 16 must be configured to enforce an application installation policy by specifying one or more authorized application repositories, including [selection: DOD-approved commercial app repository, MDM server, mobile application store]. | CONFIGURATION MANAGEMENT |
| GOOG-16-006600 - Google Android 16 must be configured to enforce an application installation policy by specifying an application allowlist that restricts applications by the following characteristics: [selection: list of digital signatures, cryptographic hash values, names, application version]. | CONFIGURATION MANAGEMENT |
| GOOG-16-006700 - Google Android 16 allowlist must be configured to not include applications with the following characteristics: | IDENTIFICATION AND AUTHENTICATION |
| GOOG-16-006750 - Google Android 16 allowlist must be configured to not include artificial intelligence (AI) applications that process device data in the cloud, including Google Gemini - AI applications that process device data in the cloud, including Google Gemini. | IDENTIFICATION AND AUTHENTICATION |
| GOOG-16-006800 - Google Android 16 must be configured to not display the following (work profile) notifications when the device is locked: | ACCESS CONTROL |
| GOOG-16-007200 - Google Android 16 must be configured to disable trust agents - NOTE: This requirement is not applicable (NA) for specific biometric authentication factors included in the product's Common Criteria evaluation. | IDENTIFICATION AND AUTHENTICATION |
| GOOG-16-007400 - Google Android 16 must be configured to disable developer modes. | CONFIGURATION MANAGEMENT |
| GOOG-16-007700 - Google Android 16 must be configured to display the DOD advisory warning message at startup or each time the user unlocks the device. | ACCESS CONTROL |
| GOOG-16-007800 - Google Android 16 must be configured to generate audit records for the following auditable events: Detected integrity violations. | AUDIT AND ACCOUNTABILITY |
| GOOG-16-008400 - Google Android 16 must be configured to disable USB mass storage mode. | SYSTEM AND COMMUNICATIONS PROTECTION |
| GOOG-16-008500 - Google Android 16 must be configured to not allow backup of [all applications, configuration data] to locally connected systems. | SYSTEM AND COMMUNICATIONS PROTECTION |
| GOOG-16-008600 - Google Android 16 must be configured to not allow backup of [all applications, configuration data] to remote systems. | SYSTEM AND COMMUNICATIONS PROTECTION |
| GOOG-16-008700 - Google Android 16 must be configured to enable authentication of personal hotspot connections to the device using a preshared key. | ACCESS CONTROL |
| GOOG-16-008900 - Google Android 16 must be configured to disable exceptions to the access control policy that prevent [selection: application processes, groups of application processes] from accessing [selection: all, private] data stored by other [selection: application processes, groups of application processes]. | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| GOOG-16-009000 - Google Android 16 must be configured to disable multiuser modes. | ACCESS CONTROL |
| GOOG-16-009400 - Google Android 16 must be configured to disable Bluetooth or configured via User Based Enforcement (UBE) to allow Bluetooth for only Headset Profile (HSP), Hands-Free Profile (HFP), and Serial Port Profile (SPP) - SPP. | CONFIGURATION MANAGEMENT |
| GOOG-16-009500 - Google Android 16 must be configured to disable ad hoc wireless client-to-client connection capability. | SYSTEM AND COMMUNICATIONS PROTECTION |
| GOOG-16-009800 - Google Android 16 users must complete required training. | CONFIGURATION MANAGEMENT |
| GOOG-16-009900 - Google Android 16 must be configured to disable Wi-Fi Sharing. | CONFIGURATION MANAGEMENT |
| GOOG-16-009950 - Google Android 16 must be configured to enforce a password for Wi-Fi and Bluetooth hotspot if approved for use by the authorizing official (AO). If not approved for use, Wi-Fi and Bluetooth hotspot must be disabled - AO. If not approved for use, Wi-Fi and Bluetooth hotspot must be disabled. | CONFIGURATION MANAGEMENT |
| GOOG-16-010000 - Google Android 16 must have the DOD root and intermediate PKI certificates installed. | CONFIGURATION MANAGEMENT |
| GOOG-16-010100 - The Google Android 16 work profile must be configured to prevent users from adding personal email accounts to the work email app. | CONFIGURATION MANAGEMENT |
| GOOG-16-010200 - The Google Android 16 work profile must be configured to enforce the system application disable list. | CONFIGURATION MANAGEMENT |
| GOOG-16-010300 - Google Android 16 must be provisioned as a fully managed device and configured to create a work profile. | CONFIGURATION MANAGEMENT |
| GOOG-16-010400 - The Google Android 16 work profile must be configured to disable automatic completion of workspace internet browser text input. | CONFIGURATION MANAGEMENT |
| GOOG-16-010500 - The Google Android device must be configured to disable Wi-Fi Aware for Work Profile apps. | CONFIGURATION MANAGEMENT |
| GOOG-16-010600 - Google Android 16 must implement the management setting: disable the Bluetooth radio. | CONFIGURATION MANAGEMENT |
| GOOG-16-010800 - Android 16 devices must have the latest available Google Android 16 operating system installed. | CONFIGURATION MANAGEMENT |
| GOOG-16-010900 - Android 16 devices must be configured to disable the use of third-party keyboards. | CONFIGURATION MANAGEMENT |
| GOOG-16-011000 - Android 16 devices must be configured to enable Common Criteria (CC) Mode - CC Mode. | CONFIGURATION MANAGEMENT |
| GOOG-16-012200 - Google Android 16 must be configured to disable all data signaling over [assignment: list of externally accessible hardware ports (for example, USB)] - for example, USB]. | ACCESS CONTROL |
| GOOG-16-012300 - Google Android 16 must allow only the administrator (EMM) to install/remove DOD root and intermediate PKI certificates - EMM to install/remove DOD root and intermediate PKI certificates. | CONFIGURATION MANAGEMENT |
| GOOG-16-012400 - Google Android 16 must allow only the administrator (MDM) to perform the following management function: Disable Phone Hub - MDM to perform the following management function: Disable Phone Hub. | SYSTEM AND COMMUNICATIONS PROTECTION |
| GOOG-16-012500 - Google Android 16 must be configured to disable 'Private Space' use - Private Space use. | CONFIGURATION MANAGEMENT |
| GOOG-16-013000 - Google Android 16 must disable the user's ability to wipe the device. | CONFIGURATION MANAGEMENT |
| GOOG-16-013100 - Google Android 16 must disable the use of assistants (including Google Assistant) unless required to meet Section 508 compliance requirements. | CONFIGURATION MANAGEMENT |
| GOOG-16-013200 - Google Android 16 must disable wireless printing. | CONFIGURATION MANAGEMENT |
| GOOG-16-013300 - Google Android 16 must disable screen capture. | CONFIGURATION MANAGEMENT |
| GOOG-16-013400 - Google Android 16 devices must have a Mobile Threat Detection (MTD) app installed. | CONFIGURATION MANAGEMENT |
| GOOG-16-013500 - Google Android 16 must implement the management setting: disable Camera. | CONFIGURATION MANAGEMENT |
