STIGs Search Compare About

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

Browse STIGs
Search
Compare Versions

Resources

About
VPAT
DISA STIG Library

STIGs updated 2 hours ago

Powered by Pylon

© 2026 Beacon Cloud Solutions, Inc. All rights reserved.

← Back to STIGs

Samsung Android 14 MDFPP 3.3 BYOAD Security Technical Implementation Guide

Version

V1R3

Release Date

Feb 13, 2026

SCAP Benchmark ID

SS_Android_14_MDFPP_3-3_BYOAD_STIG

Total Checks

26

Tags

mobile

CAT I: 1CAT II: 22CAT III: 3

This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DOD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil.

Export CKL Export CSV Export JSON Download STIG ZIP

Checks (26)

V-260439MEDIUMSamsung Android must be enrolled as a BYOD device.V-260440LOWSamsung Android must be configured to display the DOD advisory warning message at startup or each time the user unlocks the device.V-260441MEDIUMSamsung Android must be configured to not allow passwords that include more than four repeating or sequential characters.V-260442MEDIUMSamsung Android must be configured to enforce a minimum password length of six characters.V-260443MEDIUMSamsung Android must be configured to not allow more than 10 consecutive failed authentication attempts.V-260445MEDIUMSamsung Android must be configured to disable authentication mechanisms providing user access to protected data other than a Password Authentication Factor: Face recognition.V-260446MEDIUMSamsung Android must be configured to enable a screen-lock policy that will lock the display after a period of inactivity - Disable trust agents.V-260447MEDIUMSamsung Android's Work profile must have the DOD root and intermediate PKI certificates installed.V-260448MEDIUMSamsung Android's Work profile must be configured to enforce an application installation policy by specifying an application allowlist that restricts applications by the following characteristics: Names.V-260449MEDIUMSamsung Android's Work profile must be configured to not allow installation of applications with the following characteristics: - Back up MD data to non-DOD cloud servers (including user and application access to cloud backup services); - Transmit MD diagnostic data to non-DOD servers; - Voice assistant application if available when MD is locked; - Voice dialing application if available when MD is locked; - Allows synchronization of data or applications between devices associated with user; and - Allows unencrypted (or encrypted but not FIPS 140-3 validated) data sharing with other MDs or printers. - Apps which backup their own data to a remote system.V-260450MEDIUMSamsung Android must be configured to not display the following (Work Environment) notifications when the device is locked: All notifications.V-260451MEDIUMSamsung Android's Work profile must be configured to prevent users from adding personal email accounts to the work email app.V-260452MEDIUMSamsung Android's Work profile must be configured to not allow backup of all applications, configuration data to remote systems.- Disable Data Sync Framework.V-260453MEDIUMSamsung Android's Work profile must be configured to disable exceptions to the access control policy that prevent application processes and groups of application processes from accessing all data stored by other application processes and groups of application processes.V-260454MEDIUMSamsung Android's Work profile must allow only the Administrator (management tool) to perform the following management function: Install/remove DOD root and intermediate PKI certificates.V-260455MEDIUMSamsung Android must be configured to enforce an application installation policy by specifying one or more authorized application repositories, including DOD-approved commercial app repository, management tool server, or mobile application store.V-260456MEDIUMSamsung Android device users must complete required training.V-260457HIGHThe Samsung Android device must have the latest available Samsung Android operating system (OS) installed.V-260458LOWSamsung Android 14 must prohibit DOD VPN profiles in the Personal Profile.V-260459MEDIUMThe Samsung Android device must be configured to enable Certificate Revocation List (CRL) status checking.V-260460MEDIUMThe Samsung Android device work profile must be configured to enforce the system application disable list.V-260461MEDIUMThe Samsung Android device work profile must be configured to disable automatic completion of workspace internet browser text input.V-260462MEDIUMThe Samsung Android device work profile must be configured to disable the autofill services.V-260463LOWThe Samsung Android device must be configured to disable the use of third-party keyboards.V-277027MEDIUMSamsung Android 14 BYOAD devices must have a Mobile Threat Detection (MTD) app installed.V-282946MEDIUMAll Samsung Android 14 BYOAD installations must be removed.