From Microsoft Windows 10 Mobile Security Technical Implementation Guide
Part of PP-MDF-201006
Associated with: CCI-000366 CCI-001806
Forcing all applications to be installed from authorized application repositories can prevent unauthorized and malicious applications from being installed and executed on mobile devices. Allowing such installations and executions could cause a compromise of DoD data accessible by these unauthorized/malicious applications. A risk assessment for the download of apps from the Microsoft Store has not yet been completed by the DoD, and therefore, should not be accessed for the download of authorized non-managed apps (personal apps) at this time.
Review Windows 10 Mobile configuration settings to determine if the Windows Store is accessible. If feasible, use a spare device to determine if the "Store" application is accessible. This validation procedure is performed on both the MDM administration console and the Windows 10 Mobile device. On the MDM administration console: 1. Display the policy that restricts the use of a Store application. 2. Verify that this policy is set to be disabled. On Windows 10 Mobile device: 1. From the Start page or on the Applications page (swipe to the left from the Start page), find the Store application icon. Note: The Store icon should appear dim. 2. Tap on the Store app to attempt to launch it. A message should be displayed: "App disabled. This app has been disabled by company policy. Contact your company's support person for help." If the MDM does not have a policy that disables the Store application or if the Windows Store app can be successfully launched, this is a finding.
Configure an application control policy using an MDM for Windows 10 Mobile to disable the Store application. Deploy the policy to managed devices.
Lavender hyperlinks in small type off to the right (of CSS
class id
, if you view the page source) point to
globally unique URIs for each document and item. Copy the
link location and paste anywhere you need to talk
unambiguously about these things.
You can obtain data about documents and items in other
formats. Simply provide an HTTP header Accept:
text/turtle
or
Accept: application/rdf+xml
.
Powered by sagemincer