Final answer:
To harden company-owned mobile devices and adhere to company policy, a security administrator should enable SEAndroid, disable 802.11, and disable Bluetooth. These measures enforce mandatory access control by the OS and restrict the device to use only the mobile carrier data transport.
Step-by-step explanation:
A security administrator who wants to implement controls to harden company-owned mobile devices and enforce company policy must consider various measures. Here are the controls that should be implemented based on the specified requirements:
- Enable SEAndroid: Security Enhanced Android (SEAndroid) is a version of the Android OS that incorporates mandatory access control (MAC) policies, as required by the company policy. SEAndroid ensures that apps and system processes operate within their designated boundaries, enhancing the overall security of the mobile device.
- Disable 802.11: This control will ensure that the devices do not connect to Wi-Fi networks and adhere to the policy of using mobile carrier data transport exclusively. It helps prevent potential security breaches through unsecured or malicious Wi-Fi networks.
- Disable Bluetooth: Turning off Bluetooth connectivity reduces the risk of unauthorized access from nearby devices. Disabling Bluetooth is a standard practice in securing mobile devices against certain types of attacks such as bluejacking or bluesnarfing.
The other options provided do not directly address the specified policy requirements. Furthermore, while options like enabling secure boot and remote wipe are beneficial for mobile device security, they do not specifically relate to the requirement of mandatory access control by the OS or the restriction to mobile carrier data transport only.