
Android 14 BYOAD STIG Compliance Checklist

testuser Published 1 month ago

This checklist helps DOD and federal teams implement the Google Android 14 BYOAD STIG for personally owned Samsung devices handling CUI or below. It’s for system administrators, security officers, and approving officials preparing BYOAD deployments.

Source: https://ncp.nist.gov/checklist/1230

  1. Download the standalone XCCDF STIG — Get XCCDF 1.1.4 from https://cyber.mil/ or https://public.cyber.mil/
  2. Verify STIG ID, version and publication dates — Confirm Checklist ID 1230, version Y25M10, pub 03/13/2024, last modified 12/12/2025.
  3. Confirm the target CPE and OS version are Android 14 — The STIG targets cpe:/o:google:android:14.0
  4. Confirm device compatibility for BYOAD deployment — Ensure Samsung devices are capable of running Android 14 per STIG scope.
  5. Ensure NIAP-certified data separation technology is used — Use a NIAP-certified solution compliant with MDFPP v3.3 (BYOD use case).
  6. Add screenshot prohibition to user agreements — Include: “Screenshots will not be taken of any ‘work’ related managed data.”
  7. Review Section 2.4 operational considerations in the supplemental — Read operational guidance the site and AO should review before deployment.
  8. Assign Approving Official (AO) and site authority — Designate AO to approve BYOAD use and document authority.
  9. Configure the managed operational environment per STIG — Set up the Managed / SSLF environment and the controls described in the STIG.
  10. Apply work profile separation settings — Configure work vs personal app/data separation in the managed profile.
  11. Configure app controls and data flow rules — Enforce allowed apps, restrict data sharing, and control exports.
  12. Enable hardware-backed keystore and enforced encryption — Use a hardware-backed keystore and require full-disk or file-based encryption.
  13. Implement security policies for managed work apps — Apply device policies, app restrictions, and network access controls.
  14. Verify OS and security patch levels are up to date — Confirm devices run supported Android 14 security patch levels.
  15. Ensure compliance with DODI 8500.01 — Map STIG controls to DODI 8500.01 requirements and document compliance.
  16. Conduct functional and security testing of BYOAD setup — Perform tests for separation, data leakage, and policy enforcement.
  17. Train users on BYOAD rules and screenshot prohibition — Brief users on acceptable use, privacy, and handling of work data.
  18. Document approvals, configurations, and change history — Record AO approvals, implemented controls, and STIG revision history.
  19. Establish incident reporting process and point of contact — Publish reporting steps and POC email for security incidents.
  20. Submit comments or revision requests to DISA — Send feedback or change requests to [email protected]
  21. Schedule periodic compliance reviews and STIG updates — Plan recurring reviews and re-check controls after STIG updates.