Free DISA STIG and SRG Library | Vaulted

V-98955

Google Android 10 must be configured to disable multi-user modes.

Finding ID
GOOG-10-004700
Rule ID
SV-108059r1_rule
Severity
Cat II
CCE
(None)
Group Title
PP-MDF-301280
CCI
CCI-002110
Target Key
(None)
Documentable
No
Discussion

Multi-user mode allows multiple users to share a mobile device by providing a degree of separation between user data. To date, no mobile device with multi-user mode features meets DoD requirements for access control, data separation, and non-repudiation for user accounts. In addition, the MDFPP does not include design requirements for multi-user account services. Disabling multi-user mode mitigates the risk of not meeting DoD multi-user account security policies. SFR ID: FMT_SMF_EXT.1.1 #47b

Fix Text

Configure the Google Android 10 to disable multi-user modes. On the MDM console: 1. Open the User restrictions. 2. Open user settings. 3. Select "Disallow Add User".

Check Content

Review documentation on the Google Android device and inspect the configuration on the Google Android device to disable multi-user modes. This validation procedure is performed on both the MDM Administration Console and the Android 10 device. On the MDM console, do the following: 1. Open the User restrictions. 2. Open user settings. 3. Confirm "Disallow Add User" is selected. On the Android 10 device, do the following: 1. Go to Settings >> System >> Advanced >> Multiple users. 2. Ensure that there is no option to add a user. If the MDM console device policy is not set to disable multi-user modes or on the Android 10 device, the device policy is not set to disable multi-user modes, this is a finding.