STIGhub
STIGs
RMF Controls
Compare
← CM-11 — User-Installed Software
CCI-001806
Definition
Defines methods to be employed to enforce the software installation policies.
Parent Control
CM-11
User-Installed Software
Configuration Management
Linked STIG Checks (9)
V-235040
CAT II
The Honeywell Mobility Edge Android Pie device must be configured to enforce an application installation policy by specifying one or more authorized application repositories, including [selection: DoD-approved commercial app repository, MDM server, mobile application store].
Honeywell Android 9.x COBO Security Technical Implementation Guide
V-235041
CAT II
The Honeywell Mobility Edge Android Pie device must be configured to enforce an application installation policy by specifying an application whitelist that restricts applications by the following characteristics: [selection: list of digital signatures, cryptographic hash values, names, application version].
Honeywell Android 9.x COBO Security Technical Implementation Guide
V-235042
CAT II
The Honeywell Mobility Edge Android Pie device whitelist must be configured to not include applications with the following characteristics: - back up MD data to non-DoD cloud servers (including user and application access to cloud backup services); - transmit MD diagnostic data to non-DoD servers; - voice assistant application if available when MD is locked; - voice dialing application if available when MD is locked; - allows synchronization of data or applications between devices associated with user; and - allows unencrypted (or encrypted but not FIPS 140-2 validated) data sharing with other MDs or printers.
Honeywell Android 9.x COBO Security Technical Implementation Guide
V-235067
CAT II
The Honeywell Mobility Edge Android Pie device must be configured to enforce an application installation policy by specifying one or more authorized application repositories, including [selection: DoD-approved commercial app repository, MDM server, mobile application store].
Honeywell Android 9.x COPE Security Technical Implementation Guide
V-235068
CAT II
The Honeywell Mobility Edge Android Pie device must be configured to enforce an application installation policy by specifying an application whitelist that restricts applications by the following characteristics: [selection: list of digital signatures, cryptographic hash values, names, application version].
Honeywell Android 9.x COPE Security Technical Implementation Guide
V-235069
CAT II
The Honeywell Mobility Edge Android Pie device whitelist must be configured to not include applications with the following characteristics: - back up MD data to non-DoD cloud servers (including user and application access to cloud backup services); - transmit MD diagnostic data to non-DoD servers; - voice assistant application if available when MD is locked; - voice dialing application if available when MD is locked; - allows synchronization of data or applications between devices associated with user; and - allows unencrypted (or encrypted but not FIPS 140-2 validated) data sharing with other MDs or printers.
Honeywell Android 9.x COPE Security Technical Implementation Guide
V-252855
CAT II
Zebra Android 11 must be configured to enforce an application installation policy by specifying one or more authorized application repositories, including [selection: DoD-approved commercial app repository, EMM server, mobile application store].
Zebra Android 11 COBO Security Technical Implementation Guide
V-252856
CAT II
Zebra Android 11 must be configured to enforce an application installation policy by specifying an application allow list that restricts applications by the following characteristics: [selection: list of digital signatures, cryptographic hash values, names, application version].
Zebra Android 11 COBO Security Technical Implementation Guide
V-252857
CAT II
Zebra Android 11 allow list must be configured to not include applications with the following characteristics: - back up MD data to non-DoD cloud servers (including user and application access to cloud backup services); - transmit MD diagnostic data to non-DoD servers; - voice assistant application if available when MD is locked; - voice dialing application if available when MD is locked; - allows synchronization of data or applications between devices associated with user; and - allows unencrypted (or encrypted but not FIPS 140-2 validated) data sharing with other MDs or printers.
Zebra Android 11 COBO Security Technical Implementation Guide