Rule ID
SV-278367r1134580_rule
Version
V1R4
CCIs
CCI-000366
Wi-Fi Aware allows direct connections between nearby devices for fast data transfer, video streaming, and multiplayer gaming. It allows full peer-to-peer device discovery and communication where two or more devices are publishing and/or subscribing to the same known service name. There is risk that sensitive DOD information could be transferred from a DOD mobile device to a non-DOD device or from Work Profile apps on a DOD device to Personal Profile apps on a non-DOD device.
Review device configuration settings to confirm Wi-Fi Aware is disabled for each work profile app. This procedure is performed on the EMM console. For each Work Profile app, verify the app is configured to deny the NEARBY_WIFI_DEVICE permission. Note: Not all apps will support Wi-Fi Aware and have the NEARBY_WIFI_DEVICE permission. If on the EMM console the NEARBY_WIFI_DEVICE permission is not set to "deny" for all Work Profile apps that support Wi-Fi Aware, this is a finding.
Configure the Google Android device to disable Wi-Fi Aware for all Work Profile apps. On the EMM console: For each Work Profile app, configure the NEARBY_WIFI_DEVICE permission to "deny" to block the use of Wi-Fi Aware if the app supports this feature. If the app does not support Wi-Fi Aware, a NEARBY_WIFI_DEVICE permission may not be available.