V-260165
SV-260165r959010_rule
CAT II
Google Android 14 must be provisioned as a BYOAD device (Android work profile for employee-owned devices [BYOD]).
From: Google Android 14 MDFPP 3.3 BYOAD Security Technical Implementation Guide (V1R2)
Description
<VulnDiscussion>The Android work profile for employee-owned devices (BYOD) is the designated application group for the BYOAD use case.
SFR ID: FMT_SMF_EXT.1.1 #47</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>
Check Procedure
Review that managed Google Android 14 is configured for BYOD (work profile for employee-owned devices [BYOD]).
This procedure is performed on both the EMM Administrator console and the managed Google Android 14 device.
On the EMM console, configure the default enrollment as work profile for employee-owned devices (BYOD).
On the managed Google Android 14 device:
1. Go to the application drawer.
2. Ensure a Personal tab and a Work tab are present.
If on the EMM console, the default enrollment is not set for BYOD (work profile for employee-owned devices [BYOD]), or if on the managed Android 14 device, the user does not have a Work tab, this is a finding.
Fix Text
Configure the Google Android 14 device for BYOD (work profile for employee-owned devices [BYOD]).
On the EMM console, configure the default enrollment as work profile for employee-owned devices (BYOD).
Refer to the EMM documentation to determine how to configure the device.
CCI Reference
CCI-000366- Created
- 2026-04-07 20:08:16
- Last Updated
- 2026-04-07 20:08:16