STIGhubSTIGhub
STIGsSearchCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 3 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to Google Android 15 COPE Security Technical Implementation Guide

V-267549

CAT II (Medium)

Google Android 15 must be configured to enforce a password for Wi-Fi and Bluetooth hotspot, if approved for use by the authorizing official (AO). If not approved for use, Wi-Fi and Bluetooth hotspot must be disabled.

Rule ID

SV-267549r1031832_rule

STIG

Google Android 15 COPE Security Technical Implementation Guide

Version

V1R4

CCIs

CCI-000366

Discussion

Wi-Fi and Bluetooth hotspot use may increase the risk for exposing sensitive DOD data for some use cases, therefore it should be disabled unless approved by the AO. When a DOD mobile phone is used as a Wi-Fi or Bluetooth hotspot, a hotspot password must be enabled, otherwise unauthorized devices could connect to the DOD hotspot which may increase the risk of exposure of sensitive DOD data and/or a performance degradation of the DOD mobile phone. SFRID: FMT_SMF_EXT.1.1 / WLAN #3

Check Content

Review device configuration, user training, and determine if the AO has approved hotspot use.

If the AO has not approved hotspot use, verify hotspot use has been disabled:

On the EMM console:

COBO:

1. Open "Set user restrictions".
2. Verify "Disallow config tethering" is toggled to "ON".

COPE:

1. Open "Set user restrictions on parent".
2. Toggle "Disallow config tethering" to "ON".

On the managed Google Android 15 device:

COBO and COPE:

1. Go to Settings >> Network & Internet.
2. Verify "Hotspot & tethering" is "Controlled by admin".
3. Verify that tapping "Hotspot & tethering" provides a prompt to the user specifying "Action not allowed".
 
If on the managed Google Android 15 device "Hotspot & tethering" is enabled, this is a finding.

If hotspot use has been approved, verify the user has been trained to use the default hotspot password. See GOOG-15-009800 for procedure.

If users are not trained to use the default hotspot password, this is a finding.

Fix Text

Disable hotspot functions on the DOD phone if not approved by the AO. 

On the EMM console:

COBO:

1. Open "Set user restrictions".
2. Toggle "Disallow config tethering" to "ON".

COPE:

1. Open "Set user restrictions on parent".
2. Toggle "Disallow config tethering" to "ON".

If the use of Wi-Fi and Bluetooth hotspots has been approved by the AO, train the user to not change the default hotspot password (see GOOG-15-009800). By default, when Wi-Fi Hotspot is enabled, a 15-character complex password is automatically configured for the hotspot.