Google Android 15 must be configured to enforce a password for Wi-Fi and Bluetooth hotspot, if approved for use by the approving authority (AO). If not approved for use, Wi-Fi and Bluetooth hotspot must be disabled.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-267453 | GOOG-15-009950 | SV-267453r1031544_rule | Medium |
| Description |
| Wi-Fi and Bluetooth hotspot use may increase the risk for exposing sensitive DOD data for some use cases, therefore it should be disabled unless approved by the AO. When a DOD mobile phone is used as a Wi-Fi or Bluetooth hotspot, a hotspot password must be enabled, otherwise unauthorized devices could connect to the DOD hotspot which may increase the risk of exposure of sensitive DOD data and/or a performance degradation of the DOD mobile phone. SFRID: FMT_SMF_EXT.1.1 / WLAN #3 |
| STIG | Date |
| Google Android 15 COBO Security Technical Implementation Guide | 2024-12-05 |
Details
| Check Text (C-71377r1031542_chk) |
| Review device configuration, user training, and determine if the AO has approved hotspot use. If the AO has not approved hotspot use, verify hotspot use has been disabled: On the EMM console: COBO: 1. Open "Set user restrictions". 2. Verify "Disallow config tethering" is toggled to "ON". COPE: 1. Open "Set user restrictions on parent". 2. Toggle "Disallow config tethering" to "ON". On the managed Google Android 15 device: COBO and COPE: 1. Go to Settings >> Network & Internet. 2. Verify "Hotspot & tethering" is "Controlled by admin". 3. Verify that tapping "Hotspot & tethering" provides a prompt to the user specifying "Action not allowed". If on the managed Google Android 15 device "Hotspot & tethering" is enabled, this is a finding. If hotspot use has been approved, verify the user has been trained to use the default hotspot password. Refer to GOOG-15-009800 for procedure. If users are not trained to use the default hotspot password, this is a finding. |
| Fix Text (F-71280r1031543_fix) |
| Disable hotspot functions on the DOD phone if not approved by the AO. On the EMM console: COBO: 1. Open "Set user restrictions". 2. Toggle "Disallow config tethering" to "ON". COPE: 1. Open "Set user restrictions on parent". 2. Toggle "Disallow config tethering" to "ON". If the use of Wi-Fi and Bluetooth hotspots has been approved by the AO, train the user to not change the default hotspot password (refer to GOOG-15-009800). (By default, when Wi-Fi Hotspot is enabled, a 15-character complex password is automatically configured for the hotspot. |