STIGhubSTIGhub
STIGsSearchCompareAbout

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • Compare Versions

Resources

  • About
  • VPAT
  • DISA STIG Library
STIGs updated 2 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to STIGs

Google Android 14 MDFPP 3.3 BYOAD Security Technical Implementation Guide

Version

V1R2

Release Date

Aug 19, 2025

SCAP Benchmark ID

Google_Android_14_MDF_PP_3-3_BYOAD_STIG

Total Checks

23

Tags

mobile
CAT I: 0CAT II: 23CAT III: 0

This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DOD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil.

Export CKLExport CSVExport JSONDownload STIG ZIP

Checks (23)

V-260082MEDIUMGoogle Android 14 must prohibit DOD VPN profiles in the Personal Profile.V-260126MEDIUMGoogle Android 14 must be configured to enforce a minimum password length of six characters and not allow passwords that include more than four repeating or sequential characters.V-260128MEDIUMGoogle Android 14 must be configured to lock the display after 15 minutes (or less) of inactivity.V-260129MEDIUMGoogle Android 14 must be configured to not allow more than 10 consecutive failed authentication attempts.V-260130MEDIUMGoogle Android 14 must be configured to enforce an application installation policy by specifying one or more authorized application repositories.V-260131MEDIUMGoogle Android 14 must be configured to enforce an application installation policy by specifying an application allowlist that restricts applications by the following characteristics: [selection: list of digital signatures, cryptographic hash values, names, application version].V-260132MEDIUMGoogle Android 14 allowlist must be configured to not include applications with the following characteristics (work profile only): 1. Back up mobile device (MD) data to non-DOD cloud servers (including user and application access to cloud backup services); 2. Transmit MD diagnostic data to non-DOD servers; 3. Voice assistant application if available when MD is locked; 4. Voice dialing application if available when MD is locked; 5. Allows synchronization of data or applications between devices associated with user; and 6. Allows unencrypted (or encrypted but not FIPS 140-3 validated) data sharing with other MDs or printers. 7. Apps which backup their own data to a remote system.V-260133MEDIUMGoogle Android 14 must be configured to not display the following (work profile) notifications when the device is locked: [selection: a. email notifications b. calendar appointments c. contact associated with phone call notification d. text message notification e. other application-based notifications f. all notifications].V-260137MEDIUMGoogle Android 14 must be configured to disable trust agents.V-260142MEDIUMGoogle Android 14 must be configured to display the DOD advisory warning message at startup or each time the user unlocks the Work Profile.V-260149MEDIUMGoogle Android 14 must be configured to not allow backup of all work profile applications to remote systems.V-260152MEDIUMGoogle Android 14 must be configured to disable exceptions to the access control policy that prevent [selection: application processes, groups of application processes] from accessing [selection: all, private] data stored by other [selection: application processes, groups of application processes].V-260160MEDIUMGoogle Android 14 users must complete required training.V-260162MEDIUMGoogle Android 14 must have the DOD root and intermediate PKI certificates installed (work profile only).V-260163MEDIUMThe Google Android 14 work profile must be configured to prevent users from adding personal email accounts to the work email app.V-260164MEDIUMThe Google Android 14 work profile must be configured to enforce the system application disable list (work profile only).V-260165MEDIUMGoogle Android 14 must be provisioned as a BYOAD device (Android work profile for employee-owned devices [BYOD]).V-260166MEDIUMThe Google Android 14 work profile must be configured to disable automatic completion of workspace internet browser text input.V-260167MEDIUMThe Google Android 14 work profile must be configured to disable the autofill services.V-260170MEDIUMAndroid 14 devices must have the latest available Google Android 14 operating system installed.V-260171MEDIUMAndroid 14 devices must be configured to disable the use of third-party keyboards (work profile only).V-260174MEDIUMThe Google Android 14 must allow only the administrator (EMM) to install/remove DOD root and intermediate PKI certificates (work profile).V-276972MEDIUMGoogle Android 14 BYOAD devices must have a Mobile Threat Detection (MTD) app installed.