GOOG-15-009950 - Google Android 15 must be configured to enforce a password for Wi-Fi and Bluetooth hotspot, if approved for use by the authorizing official (AO). If not approved for use, Wi-Fi and Bluetooth hotspot must be disabled.

Information

Wi-Fi and Bluetooth hotspot use may increase the risk for exposing sensitive DOD data for some use cases, therefore it should be disabled unless approved by the AO. When a DOD mobile phone is used as a Wi-Fi or Bluetooth hotspot, a hotspot password must be enabled, otherwise unauthorized devices could connect to the DOD hotspot which may increase the risk of exposure of sensitive DOD data and/or a performance degradation of the DOD mobile phone.

SFRID: FMT_SMF_EXT.1.1 / WLAN #3

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

Disable hotspot functions on the DOD phone if not approved by the AO.

On the EMM console:

COBO:

1. Open 'Set user restrictions'.
2. Toggle 'Disallow config tethering' to 'ON'.

COPE:

1. Open 'Set user restrictions on parent'.
2. Toggle 'Disallow config tethering' to 'ON'.

If the use of Wi-Fi and Bluetooth hotspots has been approved by the AO, train the user to not change the default hotspot password (see GOOG-15-009800). By default, when Wi-Fi Hotspot is enabled, a 15-character complex password is automatically configured for the hotspot.

Item Details

Audit Name: MobileIron - DISA Google Android 15 COPE STIG v1r3

Category: CONFIGURATION MANAGEMENT

Plugin: MDM

Control ID: b15118bfb849b6bcc8a8b46b338bfb49cff9148116fafe889222f240b3e1b9cb

Detections

Analytics

GOOG-15-009950 - Google Android 15 must be configured to enforce a password for Wi-Fi and Bluetooth hotspot, if approved for use by the authorizing official (AO). If not approved for use, Wi-Fi and Bluetooth hotspot must be disabled.

Information

Solution

See Also

Item Details