The LG Android 5.0 platform must be configured to implement the management settings: disable Android Beam.

From LG Android 5.x Interim Security Configuration Guide

Part of PP-MDF-991000

Associated with: CCI-000366 CCI-001749

SV-73255r1_rule The LG Android 5.0 platform must be configured to implement the management settings: disable Android Beam.

Vulnerability discussion

Android Beam provides the capability for Android devices to transfer data between them. Data transfer is not encrypted using FIPS-validated encryption mechanisms. Sensitive DoD information could be compromised if Android beam is enabled.SFR ID: FPT_TUD_EXT.2.5

Check content

This validation procedure is performed on both the MDM Administration Console and the LG Android device. Check whether the appropriate setting is configured on the MDM Administration Console: 1. Ask the MDM administrator to display the "Allow Android Beam" setting in the MDM console. 2. Verify the setting for the Android Beam is disabled. On the LG Android device: 1. Unlock the device 2. Navigate to the Android Beam setting: Settings >> Share & Connect >> Android Beam 3. Verify the Android Beam menu is disabled and the following message is displayed: Android Beam is disabled by server policy. If the "Allow Android Beam" setting is enabled, or if the user is able to enable the setting on the device, this is a finding.

Fix text

Configure the mobile device to disable Android Beam. On the MDM Administration Console, disable the "Allow Android Beam" setting.

Pro Tips

Lavender hyperlinks in small type off to the right (of CSS class id, if you view the page source) point to globally unique URIs for each document and item. Copy the link location and paste anywhere you need to talk unambiguously about these things.

You can obtain data about documents and items in other formats. Simply provide an HTTP header Accept: text/turtle or Accept: application/rdf+xml.

Powered by sagemincer