GOOG-09-002300 - Google Android Pie must be configured to disable trust agents. Note: This requirement is not applicable (NA) for specific biometric authentication factors included in the products Common Criteria evaluation.

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version

Information

Trust agents allow a user to unlock a mobile device without entering a passcode when the mobile device is, for example, connected to a user-selected Bluetooth device or in a user-selected location. This technology would allow unauthorized users to have access to DoD sensitive data if compromised. By not permitting the use of non-password authentication mechanisms, users are forced to use passcodes that meet DoD passcode requirements.

SFR ID: FMT_SMF_EXT.1.1 #23, FIA_UAU.5.1

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

Configure Google Android Pie to disable trust agents.

On the MDM console:
1. Open Lock screen restrictions section.
2. Set "Disable trust agents" to on.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Google_Android_9-x_V1R1_STIG.zip

Item Details

References: CAT|II, CCI|CCI-000366, CCI|CCI-000370, CCI|CCI-000381, Rule-ID|SV-106429r1_rule, STIG-ID|GOOG-09-002300, Vuln-ID|V-97325

Plugin: MDM

Control ID: 58d6f3a7a0dd8e57775d38312022d1336636e2f3cac36c92415afce95d7d36d9