The User Agreement must include a description of what personal data and information is being monitored, collected, or managed by the EMM system or deployed agents or tools.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-260071	GOOG-14-802100	SV-260071r948418_rule		Medium

Description

DOD policy states BYOAD owners must sign a user agreement and be made aware of what personal data and activities will be monitored by the Enterprise by including this information in the user agreement. Reference: DOD policy "Use of Non-Government Mobile Devices" (3.a.(3)ii, and 3.c.(4)). SFR ID: FMT_SMF_EXT.1.1 #47

STIG	Date
Google Android 14 BYOAD Security Technical Implementation Guide	2024-02-16

Details

Check Text (C-63802r948416_chk)

Verify the user agreement includes a description of what personal data and information is being monitored, collected, or managed by the EMM system or deployed agents or tools.

If the user agreement does not include a description of what personal data and information is being monitored, collected, or managed by the EMM system or deployed agents or tools, this is a finding.

Fix Text (F-63709r948417_fix)

Include a description of what personal data and information is being monitored, collected, or managed by the EMM system or deployed agents or tools in the user agreement.