NCSC End User Device Guidance policy
The United Kingdom’s National Cyber Security Centre (NCSC) provides guidance for the configuration of End User Devices (EUD) for use at OFFICIAL and it is encouraged to be used as a starting point for all UK Government projects including those of the Ministry of Defence (MOD).
Our product and policy have not been reviewed or endorsed by the UK Government, NCSC or MOD.
Policy Summary
Users may not configure:
The following device features are disabled:
The policy applies the security features:
The guidance states the user’s screen unlock password should consist of least one character, number and symbol. Android 12 simplified password complexity, deprecating the ability to specify character, number and symbol requirements. This policy applies the new complexity policy (replacing quality) requiring an 8 digit, non-repeating, non-sequential PIN. On devices running Android 12+, the user may optionally choose a 6 character password (8 characters on Android 11 and lower).
Considerations
Additional controls
We recommend administrators consider adding the following controls:
Biometric-based unlock mechanisms
The guidance does not discourage the use of biometric-based unlock mechanisms. However, these may be undesirable in a tactical scenario. Administrators should consider disallowing:
Remote SMS Wipe
If the devices have cellular connectivity, we encourage administrators to consider configuring the remote SMS wipe capability.
Multiple users and profiles
The guidance recommends preventing phone and tablet users from adding or removing Android users and profiles, and to prevent information from being shared (including copying and pasting) between profiles. TDM does not allow additional Android users and profiles.