TickYouOff
Sign in
Back
🔒

Zebra Android 14 STIG (Y26M01)

Hard 16 items · 4 hours
testuser's avatar
testuser Published 4 weeks ago
Security

This checklist translates the Zebra Android 14 STIG (Y26M01) into clear, actionable steps for IT and security teams managing corporate Zebra handhelds. Use it to prepare, configure, and validate COBO/COPE Zebra devices that store or transmit Controlled Unclassified Information (CUI).

Source: https://ncp.nist.gov/checklist/1322

Progress
0 / 16
  1. Apply Zebra Android 14 STIG baseline profile — Deploy the official STIG configuration profile to managed Zebra devices.
  2. Verify device ownership mode is set to COBO or COPE — Confirm enrolled devices use corporate-owned modes; BYOD/BYOAD are out of scope.
  3. Disable installation of unmanaged (personal) apps — Prevent user-installed apps unless explicitly authorized by the AO.
  4. Restrict sideloading and block unknown sources — Ensure only approved app stores and deployment channels are allowed.
  5. Enforce device encryption (file and/or full-disk) — Ensure data at rest is encrypted using platform-approved crypto.
  6. Configure lock screen: PIN/password and complexity — Set mandatory authentication and appropriate timeout/complexity controls.
  7. Set minimum PIN length to at least 6 digits — Use a minimum length to reduce brute-force risk.
  8. Set auto-lock timeout to 1 minute or less — Short timeout reduces exposure from unattended devices.
  9. Set maximum failed login attempts and auto-wipe — Configure device to lock or wipe after repeated failures.
  10. Enable verified boot and secure boot settings — Prevent boot-time tampering by enforcing verified boot.
  11. Apply latest OS security patches and updates — Install vendor and Google security patches promptly.
  12. Disable developer options and USB debugging — Prevent elevated access vectors via ADB and dev tools.
  13. Configure Wi-Fi and VPN per Network Infrastructure STIG — Ensure only approved networks and secure VPN profiles are used.
  14. Require device attestation and MDM enrollment — Enforce attestation to verify device integrity and MDM control.
  15. Enable logging and reporting to central management — Forward audit logs and compliance reports to your SIEM/MDM.
  16. Test settings in a representative environment before production rollout — Validate compatibility and user impact in a lab/test group.
Sign in to save
📝 My Notes