) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
CIS Google Android 4 Benchmark 1.0.0 Checklist Details (Checklist Revisions)
Supporting Resources:
-
Download Prose - CIS Google Android 4 Benchmark v1.0.0
- Center for Internet Security (CIS)
Target:
| Target | CPE Name |
|---|---|
| Google Android | cpe:/o:google:android:- (View CVEs) |
Checklist Highlights
- Checklist Name:
- CIS Google Android 4 Benchmark
- Checklist ID:
- 1137
- Version:
- 1.0.0
- Type:
- Compliance
- Review Status:
- Final
- Authority:
- Third Party: Center for Internet Security (CIS)
- Original Publication Date:
- 10/01/2012
Checklist Summary:
This document, Security Configuration Benchmark for Android 4.0, provides prescriptive guidance for establishing a secure configuration posture for the Android 4.0 OS. This guide was tested against the Android 4.0 and the Android Virtual Device (AVD) contained in version 4.0.3 of the Android Software Development Kit (SDK). This benchmark covers Android 4.0 and all hardware devices on which this OS is supported. As of the publication of this guidance, mobile devices supported by Android 4.0 include the following: HTC One S (T-Mobile) HTC One X (AT&T) HTC EVO 4G LTE (Sprint) HTC Vivid (AT&T) HTC Amaze 4G (T-Mobile) HTC Sensation 4G (T-Mobile) Samsung Galaxy Nexus (Verizon, Sprint) Samsung Nexus S 4G (AT&T, Sprint) In determining recommendations, the current guidance treats all Android mobile device platforms as having the same use cases and risk/threat scenarios. In all but a very few cases, configuration steps, default settings, and benchmark recommended settings are identical regardless of hardware platform. To obtain the latest version of this guide, please visit http://cisecurity.org. If you have questions, comments, or have identified ways to improve this guide, please write us at feedback@cisecurity.org. The settings recommended in this benchmark are those available through configuration of the device either directly through its local interface, through manufacturer-provided external configuration tools, and through configuration capabilities provided by Exchange ActiveSync mailbox policies. In considering the recommendations made in this benchmark, the device was considered both as a target itself and as a method of accessing other resources. These benchmark settings provide certain protections from remote attacks against the device and from unauthorized device access in the event the device is lost. The recommendations do not assert sufficient protections against advanced local attacks to gain device access or data recovery that may be possible in the event a device is lost. They also do not discuss custom ROMs or 3rd-party features such as virus or root-kit detection.
Checklist Role:
- Operating System
Known Issues:
Not provided.
Target Audience:
This document is intended for system and application administrators, security specialists, auditors, help desk, end users, and platform deployment personnel who plan to use, develop, deploy, assess, or secure solutions that use Android 4.
Target Operational Environment:
- Managed
- Specialized Security-Limited Functionality (SSLF)
Testing Information:
Not provided.
Regulatory Compliance:
Not provided.
Comments/Warnings/Miscellaneous:
Not provided.
Disclaimer:
Not provided.
Product Support:
Not provided.
Point of Contact:
feedback@cisecurity.org
Sponsor:
Not provided.
Licensing:
Not provided.
Change History:
new checklist - 2/28/24 updated status to FINAL - 3/28/24
Dependency/Requirements:
| URL | Description |
|---|
References:
| Reference URL | Description |
|---|