The LG Android 5.0 platform must retain the notice and consent banner on the screen until the user executes a positive action to manifest agreement by selecting a box indicating acceptance.

From LG Android 5.x Interim Security Configuration Guide

Part of PP-MDF-991000

Associated with: CCI-000366

SV-73247r1_rule The LG Android 5.0 platform must retain the notice and consent banner on the screen until the user executes a positive action to manifest agreement by selecting a box indicating acceptance.

Vulnerability discussion

To ensure notice of and consent to the terms of the DoD standard user agreement, an Android app must display a consent banner. Additionally, the app must prevent further activity in the application unless and until the user executes a positive action to manifest agreement, such as by tapping an acceptance button in the app. By preventing access to the system until the user accepts the conditions, legal requirements are met to protect the DoD and to remind users the device is designed and implemented for business use. Additional information is found in DoD Instruction 8500.01.SFR ID: FMT_SMF.1.1 #42

Check content

Note: the following procedure is exactly the same as requirement LGA5-10-001100. The procedure only needs to be performed once. This validation procedure is performed on both the MDM Administration Console and the LG Android device. Check whether the appropriate setting is configured on the MDM Administration Console: 1. Ask the MDM administrator to display the "Enforce warning banner" setting in the MDM console. 2. Verify the Enforce warning banner has been set up and the wording is exactly as specified in the Vulnerability Discussion. On the LG Android device: 1. Reboot the device and verify the warning banner is displayed. 2. Verify the required text is displayed and the user must click "Agree" after checking "I understand and agree to this". If the "Enforce warning banner" setting is not set, does not show the required text, or if device does not show the Warning banner after every device reboot, this is a finding.

Fix text

Configure the mobile device to enforce warning banner. On the MDM Administration Console, set the "Enforce warning banner" with the required text.

Pro Tips

Lavender hyperlinks in small type off to the right (of CSS class id, if you view the page source) point to globally unique URIs for each document and item. Copy the link location and paste anywhere you need to talk unambiguously about these things.

You can obtain data about documents and items in other formats. Simply provide an HTTP header Accept: text/turtle or Accept: application/rdf+xml.

Powered by sagemincer