DISA STIG for Android 12

The United States’ Defense Information Systems Agency (DISA) produces Security Technical Implementation Guides (STIGs) for the configuration of systems used by branches of the Department of Defense (DoD). TDM supports the DISA STIG for Google Android 12 for the Corporate Owned Business Only (COBO) use case.

Our product and policy have not been reviewed or endorsed by the DoD or DISA.

Policy Summary

Users may not configure:

The following device features are disabled:

The policy applies the security features:

Users are required to use a 6-digit PIN (or better; applied as High complexity) and have up to 10 failed attempts before the device performs a factory reset. The screen lock time must be set to 15 minutes or less.

Considerations

Additional controls

We recommend administrators consider adding the following controls:

Changes for use with tactical radios and hubs

Phones and tablets that use a tactical USB hub or a radio via USB will need to enable USB data signaling.

Location sharing

Devices in tactical use often facilitate shared situational awareness, which may require Location sharing to be enabled.

Biometric-based unlock mechanisms

The DISA STIG does not prevent the use of biometric-based unlock mechanisms. However, these may be undesirable in a tactical scenario. Administrators should consider disallowing:

Remote SMS Wipe

If the devices have cellular connectivity, we encourage administrators to consider configuring the remote SMS wipe capability.

Non-US organisations

For non-US administrators who choose to apply the STIG controls, we recommend removing the DoD certificate to prevent their devices from trusting the server certificates generated by the US DoD.