TickYouOff

Zebra Android 14 STIG Checklist

Hard 18 items · 2 hours
testuser Published 1 month ago

This checklist helps IT and security teams apply the Zebra Android 14 STIG baseline to corporate Zebra handhelds (COBO/COPE). Follow the steps to enroll devices, apply STIG configurations, run compliance scans, and remediate findings to protect Controlled Unclassified Information (CUI). It is intended for administrators of managed Zebra Android 14 fleets.

Source: https://ncp.nist.gov/checklist/1322

  1. Download the Zebra Android 14 STIG baseline (XCCDF) — Obtain the Standalone XCCDF 1.1.4 STIG from DISA or your STIG repository.
  2. Review STIG summary, scope, and in-scope use cases — Confirm COBO and COPE are in-scope; BYOD/BYOAD are excluded.
  3. Inventory Zebra devices running Android 14 — Identify device models, OS versions, and ownership type (COBO/COPE).
  4. Enroll devices in enterprise mobility management (EMM) — Use corporate enrollment or device-owner mode for centralized control.
  5. Enable device-owner / corporate mode in EMM — Set devices to managed/device-owner to enforce STIG policies.
  6. Disable unmanaged app installs via EMM — Block sideloading and restrict installs to managed app store.
  7. Configure managed app allowlist (managed Google Play or equivalent) — Allow only approved apps required for business functions.
  8. Apply STIG configuration profiles to enrolled devices — Push STIG settings via EMM or import XCCDF to your management tool.
  9. Require strong authentication and lock-screen policies — Enforce PIN/password length, complexity, timeout, and biometric rules.
  10. Enable full-disk or file-based encryption — Ensure device storage is encrypted per Android 14 capabilities.
  11. Enforce approved Wi‑Fi profiles and restrict direct enclave connections — Use enterprise Wi‑Fi configs and ensure network complies with Network STIG.
  12. Disable ADB, developer options, and debugging features — Prevent device-level debugging that can bypass protections.
  13. Block installation from unknown sources and sideloading — Restrict installs to managed channels only.
  14. Enable logging, audit, and reporting for STIG controls — Activate device logs and central reporting to detect deviations.
  15. Run compliance scans and generate STIG reports — Use EMM or STIG tools to evaluate settings and produce reports.
  16. Review and remediate non-compliant findings — Address vulnerabilities, misconfigurations, and document fixes.
  17. Document approved exceptions and AO approvals — Record Authorizing Official approvals for allowed deviations.
  18. Schedule regular re-scans and STIG baseline updates — Plan periodic compliance checks and apply STIG revisions.
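
For steps 15 to 17, the following added example (not part of the original checklist and not DISA tooling) reads the rules from an XCCDF 1.1 benchmark and splits one device's scan results into open findings and AO-excepted findings. The rule ids, the results dictionary and the exception register are constructed placeholders; only the XCCDF namespace, the result values and the severity-to-CAT mapping are standard.

```python
import xml.etree.ElementTree as ET

NS = {"x": "http://checklists.nist.gov/xccdf/1.1"}  # XCCDF 1.1.x namespace
CAT = {"high": "CAT I", "medium": "CAT II", "low": "CAT III"}  # DISA severity categories
COMPLIANT = {"pass", "fixed", "notapplicable"}  # XCCDF result values treated as closed

# Constructed benchmark fragment: rule ids and titles are placeholders, not real STIG ids.
SAMPLE_XCCDF = """<Benchmark xmlns="http://checklists.nist.gov/xccdf/1.1" id="sample">
 <Group id="G1"><Rule id="R-ADB" severity="high"><title>Disable ADB</title></Rule></Group>
 <Group id="G2"><Rule id="R-LOCK" severity="medium"><title>Lock-screen policy</title></Rule></Group>
 <Group id="G3"><Rule id="R-WIFI" severity="medium"><title>Approved Wi-Fi only</title></Rule></Group>
 <Group id="G4"><Rule id="R-LOG" severity="low"><title>Audit logging</title></Rule></Group>
</Benchmark>"""
# Constructed scan results for one device (R-LOG was never evaluated).
SAMPLE_RESULTS = {"R-ADB": "fail", "R-LOCK": "pass", "R-WIFI": "fail"}
# Constructed exception register: rule ids with documented AO approval.
SAMPLE_EXCEPTIONS = {"R-WIFI", "R-OLD"}


def load_rules(xccdf_text):
    """Return {rule_id: (category, title)} for every Rule in the benchmark."""
    rules = {}
    for rule in ET.fromstring(xccdf_text).iterfind(".//x:Rule", NS):
        cat = CAT.get(rule.get("severity"), "UNRATED")
        rules[rule.get("id")] = (cat, rule.findtext("x:title", "", NS))
    return rules


def triage(xccdf_text, results, exceptions):
    """Split benchmark rules into open findings and AO-excepted findings."""
    rules = load_rules(xccdf_text)
    # Exceptions that match no rule in this baseline are stale and need review.
    report = {"open": [], "excepted": [], "stale_exceptions": sorted(exceptions - set(rules))}
    for rule_id, (cat, title) in rules.items():
        status = results.get(rule_id, "notchecked")  # a missing result is not a pass
        if status in COMPLIANT:
            continue
        bucket = "excepted" if status == "fail" and rule_id in exceptions else "open"
        report[bucket].append((cat, rule_id, status, title))
    for bucket in ("open", "excepted"):
        report[bucket].sort()  # CAT I sorts before CAT II before CAT III
    return report


if __name__ == "__main__":
    for bucket, items in triage(SAMPLE_XCCDF, SAMPLE_RESULTS, SAMPLE_EXCEPTIONS).items():
        print(bucket, items)
```

A rule with no scan result is reported as open rather than assumed compliant, and an exception whose rule id is absent from the current baseline is listed separately so it can be re-reviewed after a STIG revision.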