Rule ID
SV-284815r1240675_rule
Version
V1R1
CCIs
Data on mobile devices is protected by numerous mechanisms, including user authentication, access control, and cryptography. When the data is backed up to an external system (either locally connected or cloud based), many if not all of these mechanisms are no longer present. This leaves the backed-up data vulnerable to attack. Disabling backup to external systems mitigates this risk. SFR ID: FMT_SMF_EXT.1.1 #40
Review managed Google Android 17 device configuration settings to determine if the mobile device has a USB mass storage mode and whether it has been disabled. This validation procedure is performed on both the EMM administration console and the managed Google Android 17 device. On the EMM console: COBO: 1. Open "User restrictions". 2. Open "Set user restrictions". 3. Verify that "Disallow USB file transfer" is toggled to "ON". COPE: 1. Open "User restrictions". 2. Open "Set user restrictions on parent". 3. Verify that "Disallow USB file transfer" is toggled to "ON". ______________________________ On the managed Google Android 17 device: 1. Plug a USB cable into the managed Google Android 17 device and connect to a non-DoW network-managed PC. 2. Go to Settings >> Connected devices >> USB. 3. Verify that "No data transfer" is selected. If the EMM console device policy is not set to disable USB mass storage mode, or on the managed Google Android 17 device the device policy is not set to disable USB mass storage mode, this is a finding.
Configure the Google Android 17 device to disable USB mass storage mode. On the EMM console: COBO: 1. Open "User restrictions". 2. Open "Set user restrictions". 3. Toggle "Disallow USB file transfer" to "ON". COPE: 1. Open "User restrictions". 2. Open "Set user restrictions on parent". 3. Toggle "Disallow USB file transfer" to "ON". Configuration API: DISALLOW_MOUNT_PHYSICAL_MEDIA, DISALLOW_USB_FILE_TRANSFER