Checklist Summary:

The Zebra Technologies Android 14 Security Technical Implementation Guide (STIG) provides the technical security policies, requirements, and implementation details for applying security concepts to Zebra Technologies handheld devices running Android 14 that process, store, or transmit unclassified data marked as Controlled Unclassified Information (CUI) or below. The STIG is based on the Protection Profile for Mobile Device Fundamentals (MDFPP) version 3.3 STIG template. Requirements compliance is achieved by leveraging a combination of configuration profiles, user-based enforcement (UBE), and reporting.This STIG leverages the Google Android 14 STIG. All requirements in this STIG are based on the Google Android 14 STIG, with several changes specific to Zebra Technologies.

Checklist Role:

• Operating System

Known Issues:

Not provided.

Target Audience:

The scope of this STIG covers the Corporate Owned Business Only (COBO)1 and Corporate Owned Personally Enabled (COPE) use cases. Bring Your Own Device (BYOD) and Bring Your Own Approved Device (BYOAD)2 use cases are not in scope for this STIG.

Target Operational Environment:

• Managed
• Specialized Security-Limited Functionality (SSLF)

Testing Information:

Not provided.

Regulatory Compliance:

This document is provided under the authority of DoDI 8500.01.

Comments/Warnings/Miscellaneous:

Not provided.

Disclaimer:

If the authorizing official (AO) has approved the use/storage of DOD data in one or more personal (unmanaged) apps, allowing unrestricted user activity in downloading and installing personal (unmanaged) apps on Zebra Technologies devices may not be warranted due to the risk of possible loss of or unauthorized access to DOD data. This STIG assumes that if a DOD Wi-Fi network allows Zebra Technologies devices to connect to the network, the Wi-Fi network complies with the Network Infrastructure STIG; for example, wireless access points and bridges must not be connected directly to the enclave network. DISA accepts no liability for the consequences of applying specific configuration settings made on the basis of the SRGs/STIGs. It must be noted that the configuration settings specified should be evaluated in a local, representative test environment before implementation in a production environment, especially within large user populations. The extensive variety of environments makes it impossible to test these configuration settings for all potential software configurations.

Product Support:

Not provided.

Point of Contact:

[email protected]

Sponsor:

Not provided.

Licensing:

Not provided.

Change History:

Dependency/Requirements:

URL	Description

References:

Reference URL	Description

NIST checklist record last modified on 03/03/2026