STIGhubSTIGhub
STIGhub— A free STIG search and compliance tool·STIGs updated just now
Powered by Pylon·Privacy·Terms·Feedback·© 2026 Beacon Cloud Solutions, Inc.
← Back to Google Android 17 COPE Security Technical Implementation Guide

V-284829

CAT II (Medium)

Google Android 17 must be configured to enforce a password for Wi-Fi and Bluetooth hotspot if approved for use by the authorizing official (AO). If not approved for use, Wi-Fi and Bluetooth hotspot must be disabled.

Rule ID

SV-284829r1240686_rule

STIG

Google Android 17 COPE Security Technical Implementation Guide

Version

V1R1

CCIs

CCI-000366

Discussion

Wi-Fi and Bluetooth hotspot use may increase the risk for exposing sensitive DoW data for some use cases; therefore, it should be disabled unless approved by the AO. When a DoW mobile phone is used as a Wi-Fi or Bluetooth hotspot, a hotspot password must be enabled; otherwise, unauthorized devices could connect to the DoW hotspot, which may increase the risk of exposure of sensitive DoW data and/or a performance degradation of the DoW mobile phone. SFR ID: FMT_SMF_EXT.1.1 / WLAN #3

Check Content

Review device configuration and user training and determine if the AO has approved hotspot use.

If the AO has not approved hotspot use, verify that hotspot use has been disabled:

On the EMM console:

COBO:

1. Open "Set user restrictions".
2. Verify that "Disallow config tethering" is toggled to "ON".

COPE:

1. Open "Set user restrictions on parent".
2. Toggle "Disallow config tethering" to "ON".

On the managed Google Android 17 device:

COBO and COPE:

1. Go to Settings >> Network & Internet.
2. Verify that "Hotspot & tethering" is "Controlled by admin".
3. Verify that tapping "Hotspot & tethering" provides a prompt to the user specifying "Action not allowed".
 
If on the managed Google Android 17 device "Hotspot & tethering" is enabled, this is a finding.

If hotspot use has been approved, verify that the user has been trained to use the default hotspot password. Refer to GOOG-17-009800 for the procedure.

If users are not trained to use the default hotspot password, this is a finding.

Fix Text

Disable hotspot functions on the DoW phone if not approved by the AO. 

On the EMM console:

COBO:

1. Open "Set user restrictions".
2. Toggle "Disallow config tethering" to "ON".

COPE:

1. Open "Set user restrictions on parent".
2. Toggle "Disallow config tethering" to "ON".

If the AO has approved the use of Wi-Fi and Bluetooth hotspots, train the user to not change the default hotspot password (refer to GOOG-17-009800). By default, when Wi-Fi Hotspot is enabled, a 15-character complex password is automatically configured for the hotspot.

Configuration API: DISALLOW_CONFIG_TETHERING