From Microsoft Windows 10 Mobile Security Technical Implementation Guide
Part of PP-MDF-201010
Associated with: CCI-000381
Developer modes expose features of the MOS that are not available during standard operation. An adversary may leverage a vulnerability inherent in a developer mode to compromise the confidentiality, integrity, and availability of DoD-sensitive information. Disabling developer modes mitigates this risk.
Review Windows 10 Mobile configuration settings to determine whether a developer mode is enabled. This validation procedure is performed on both the MDM administration console and the Windows 10 Mobile device. On the MDM administration console: 1. Ask the MDM administrator to verify the phone compliance policy. 2. Find the setting for restricting the Developer Unlocking/Developer Mode capability. 3. Verify that setting is set to disabled/off. On the Windows 10 Mobile device: 1. Launch "Settings". 2. Tap on "Update & security" and then tap on "For developers". 3. Verify that the setting titled "Developer mode" is not selected and it is disabled/read-only. If the MDM does not have the Developer Unlocking/Developer Mode policy to disable developer mode enforced, or if on the phone the setting titled "Developer mode" is not disabled/read-only on the "Developer mode" screen, this is a finding.
Configure the MDM system to require the Developer Unlocking/Developer Mode policy be disabled for Windows 10 Mobile devices. Deploy the MDM policy on managed devices.
Lavender hyperlinks in small type off to the right (of CSS
class id, if you view the page source) point to
globally unique URIs for each document and item. Copy the
link location and paste anywhere you need to talk
unambiguously about these things.
You can obtain data about documents and items in other
formats. Simply provide an HTTP header Accept:
text/turtle or
Accept: application/rdf+xml.
Powered by sagemincer