GOOG-12-010100 - The Google Android 12 Work Profile must be configured to prevent users from adding personal email accounts to the work email app.

Information

If the user is able to add a personal email account (POP3, IMAP, EAS) to the work email app, it could be used to forward sensitive DoD data to unauthorized recipients. Restricting email account addition to the administrator or restricting email account addition to allowlisted accounts mitigates this vulnerability.

SFR ID: FMT_SMF_EXT.1.1 #47

Solution

Configure the Google Android 12 device to prevent users from adding personal email accounts to the work email app.

On the EMM console:

COPE:

1. Open 'Set user restrictions'.
2. Toggle 'Disallow modify accounts' to ON.

Refer to the EMM documentation to determine how to provision users' work email accounts for the work email app.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Google_Android_12_STIG.zip

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-6b., CAT|II, CCI|CCI-000366, Rule-ID|SV-250442r802684_rule, STIG-ID|GOOG-12-010100, Vuln-ID|V-250442

Plugin: MDM

Control ID: c9a485b7bbe199eeee2a1a13edb3f692511e974064babe7665d34ff0a34cdd46