From Microsoft Windows 10 Mobile Security Technical Implementation Guide
Part of PP-MDF-201028
Associated with: CCI-000366
The fingerprint reader or iris scan (supported by some Windows 10 Mobile devices) can be used to authenticate the user in order to unlock the mobile device. At this time, no biometric reader has been approved for DoD use on mobile devices. This technology would allow unauthorized users to have access to DoD sensitive data if compromised. By not permitting the use of non-password authentication mechanisms, users are forced to use passcodes that meet DoD passcode requirements.
Review Windows 10 Mobile documentation and inspect the configuration on Windows 10 Mobile to disable authentication mechanisms providing user access to protected data other than a Password Authentication Factor (e.g., using a fingerprint), unless mechanism is DoD-approved. This validation procedure is performed only on the MDM administration console. On the MDM administration console: 1. Ask the MDM administrator to verify the phone compliance policy. 2. Find the setting for restricting Biometrics authentication "Biometrics/UseBiometrics". 3. Verify that setting restriction is turned on (feature disabled). If the MDM does not have a compliance policy that disables "Biometrics/UseBiometrics", this is a finding.
Configure the MDM system to require the "Biometrics/UseBiometrics" policy to be disabled for Windows 10 Mobile devices. Deploy the MDM policy on managed devices.
Lavender hyperlinks in small type off to the right (of CSS
class id, if you view the page source) point to
globally unique URIs for each document and item. Copy the
link location and paste anywhere you need to talk
unambiguously about these things.
You can obtain data about documents and items in other
formats. Simply provide an HTTP header Accept:
text/turtle or
Accept: application/rdf+xml.
Powered by sagemincer