From Microsoft Windows 10 Mobile Security Technical Implementation Guide
Part of PP-MDF-201011
Associated with: CCI-001199
The MOS must ensure the data being written to the mobile device's built-in storage media is protected from unauthorized access. If data at rest is unencrypted, it is vulnerable to disclosure. Even if the operating system enforces permissions on data access, an adversary can read storage media directly, thereby circumventing operating system controls. Encrypting the data ensures confidentiality is protected even when the operating system is not running.
Review Windows 10 Mobile configuration settings to determine if data in the mobile device's built-in storage media is encrypted. This validation procedure is performed on both the MDM administration console and the Windows 10 Mobile device. On the MDM administration console: 1. Ask the MDM administrator to display the device encryption setting. 2. Verify device encryption is activated. On the Windows 10 Mobile device: 1. Launch "Settings". 2. Select "Update & security". 3. Select "Device encryption". 4. Verify the toggle for Device Encryption is set to "On" and that setting is disabled/read-only. If the MDM is not configured to enforce encryption, or if the "Device encryption" setting is not toggled to "On" and disabled/read-only, this is a finding.
Configure the MDM system to require device encryption for Windows 10 Mobile devices. Deploy the MDM policy to managed devices.
Lavender hyperlinks in small type off to the right (of CSS
class id, if you view the page source) point to
globally unique URIs for each document and item. Copy the
link location and paste anywhere you need to talk
unambiguously about these things.
You can obtain data about documents and items in other
formats. Simply provide an HTTP header Accept:
text/turtle or
Accept: application/rdf+xml.
Powered by sagemincer