Honeywell Android 13 must be configured to disable multiuser modes.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-274405 | HONW-13-009000 | SV-274405r1100857_rule | Medium |
| Description |
| Multiuser mode allows multiple users to share a mobile device by providing a degree of separation between user data. To date, no mobile device with multiuser mode features meets DOD requirements for access control, data separation, and nonrepudiation for user accounts. In addition, the MDFPP does not include design requirements for multiuser account services. Disabling multiuser mode mitigates the risk of not meeting DOD multiuser account security policies. SFR ID: FMT_SMF_EXT.1.1 #47a |
| STIG | Date |
| Honeywell Android 13 COPE Security Technical Implementation Guide | 2025-05-07 |
Details
| Check Text (C-78496r1100855_chk) |
| Review documentation on the managed Honeywell Android 13 device and inspect the configuration on the Honeywell Android device to disable multiuser modes. This validation procedure is performed on both the EMM Administration Console and the managed Honeywell Android 13 device. On the EMM console: COBO, COPE, and BYOAD: 1. Open "User restrictions". 2. Open "Set user restrictions". 3. Verify that "Disallow modify accounts" is toggled to "ON". Note: This applies only to the work profile for BYOAD. A user can modify accounts in the personal profile. On the managed Honeywell Android 13 device: COBO and COPE: 1. Go to Settings >> Passwords & accounts >> Accounts for Owner. 2. Tap "Add account". 3. Verify that the action is not allowed. BYOAD: 1. Go to Settings >> Passwords & accounts >> Work. 2. Tap "Add account". 3. Verify that the action is not allowed. If the EMM console device policy is not set to disable multiuser modes or on the managed Honeywell Android 13 device, the device policy is not set to disable multiuser modes, this is a finding. |
| Fix Text (F-78401r1100856_fix) |
| Configure the Honeywell Android 13 device to disable multiuser modes. On the EMM console: COBO, COPE, and BYOAD: 1. Open "User restrictions". 2. Open "Set user restrictions". 3. Toggle "Disallow modify accounts" to "ON". Note: This only applies to the work profile for BYOAD. A user can modify accounts in the personal profile. |