V-276878
SV-276878r1140426_rule
CAT II
Google Android 16 must be provisioned as a fully managed device and configured to create a work profile.
From: Google Android 16 COPE Security Technical Implementation Guide (V1R2)
Description
<VulnDiscussion>The Android Enterprise work profile is the designated application group for the COPE use case.
SFR ID: FMT_SMF.1.1 #47</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>
Check Procedure
Verify that managed Google Android 16 is configured as Corporate Owned Work Managed.
This procedure is performed on both the EMM Administration Console and the managed Google Android 16 device.
On the EMM console, configure the default enrollment as Corporate Owned and select "Use for Work & Personal".
On the managed Google Android 16 device:
1. Go to the application drawer.
2. Ensure a Personal tab and a Work tab are present.
If on the EMM console the account the default enrollment is set to Corporate Owned Work Managed, or on the managed Android 16 device the user does not have a Work tab, this is a finding.
Fix Text
Configure the Google Android 16 device as corporate owned with a work profile.
On the EMM console, configure the default enrollment as Corporate Owned, and select "Use for Work & Personal".
Refer to the EMM documentation to determine how to configure the device.
CCI Reference
CCI-000366- Created
- 2026-04-07 20:08:17
- Last Updated
- 2026-04-07 20:08:17