From Microsoft Windows 10 Mobile Security Technical Implementation Guide
Part of PP-MDF-201016
Associated with: CCI-000381
USB mass storage mode enables the transfer of data and software from one device to another. This software can include malware. When USB mass storage is enabled on a mobile device, it becomes a potential vector for malware and unauthorized data exfiltration. Prohibiting USB mass storage mode mitigates this risk.
Review Windows 10 Mobile configuration settings to determine if the mobile device has a USB mass storage mode and whether it has been disabled. If feasible, use a spare device to determine if this data transfer capability is disabled. This procedure is the same as requirement MSWM-10-202608. The procedure only has to be performed once. This validation procedure is performed on both the MDM administration console and the Windows 10 Mobile device and a locally connected desktop. On the MDM administration console: 1. Ask the MDM administrator to display the USB connectivity setting. 2. Verify the USB connectivity setting is disabled. On the Windows 10 Mobile device: 1. Connect device to a desktop (that has USB ports enabled). 2. Launch Windows File Explorer on the desktop or wait for a connection pop-up that asks if you want to display the device. 3. In File Explorer click on "This PC" in the left pane. 4. Verify by looking in the right pane of Windows Explorer that the name of the connected device, which may be "Windows Phone" is not displayed. If the MDM does not have a compliance policy that disables USB connectivity or if using Windows File Explorer a Windows 10 Mobile device name is shown under "This PC", this is a finding.
This procedure is the same as requirement MSWM-10-202608. The procedure only has to be performed once. Configure the MDM system to require the "Allow USB Connection" policy to be disabled for Windows 10 Mobile devices. Deploy the MDM policy on managed devices.
Lavender hyperlinks in small type off to the right (of CSS
class id
, if you view the page source) point to
globally unique URIs for each document and item. Copy the
link location and paste anywhere you need to talk
unambiguously about these things.
You can obtain data about documents and items in other
formats. Simply provide an HTTP header Accept:
text/turtle
or
Accept: application/rdf+xml
.
Powered by sagemincer