From Microsoft Windows 10 Mobile Security Technical Implementation Guide
Part of PP-MDF-201012
Associated with: CCI-001199
The MOS must ensure the data being written to the mobile device's removable media is protected from unauthorized access. If data at rest is unencrypted, it is vulnerable to disclosure. Even if the operating system enforces permissions on data access, an adversary can read removable media directly, thereby circumventing operating system controls. Encrypting the data ensures confidentiality is protected even when the operating system is not running.
Review Windows 10 Mobile configuration settings to determine if data in the mobile device's removable storage media is encrypted. If feasible, use a spare device to confirm that data-at-rest protection is enabled for removable storage media. This validation procedure is performed on both the MDM administration console and the Windows 10 Mobile device. On the MDM administration console: 1. Ask the MDM administrator to verify the phone compliance policy. 2. Find the setting for "require storage cards to be encrypted". 3. Verify the setting for requiring require storage card encryption is enforced. On a Windows 10 Mobile device that contains a microSD slot and has a microSD card inserted: 1. Launch "Settings". 2. Tap on "Update & security" and then tap on "Device encryption". 3. Under the section called "Device encryption" there are two settings, the first one is for enforcing encryption on main device storage and the second which controls encryption of removable storage cards like SD cards. For this control examine the second setting for SD cards. 4. Verify that the device encryption for SD cards setting is toggled to "On". If the MDM does not have a policy enforcement that enforces the encryption of removable storage (SD) cards, this is a finding.
Configure the MDM system to enforce a policy which configures the "require storage cards to be encrypted" policy to be enabled for Windows 10 Mobile devices. Deploy the MDM policy to managed devices.
Lavender hyperlinks in small type off to the right (of CSS
class id
, if you view the page source) point to
globally unique URIs for each document and item. Copy the
link location and paste anywhere you need to talk
unambiguously about these things.
You can obtain data about documents and items in other
formats. Simply provide an HTTP header Accept:
text/turtle
or
Accept: application/rdf+xml
.
Powered by sagemincer