From Microsoft Windows 10 Mobile Security Technical Implementation Guide
Part of PP-MDF-991000
Associated with: CCI-000366
Passwords provide a form of access control that prevents unauthorized individuals from accessing computing resources and sensitive data. Passwords may also be a source of entropy for generation of key encryption or data encryption keys. If a password is not required to access data, then this data is accessible to any adversary who obtains physical possession of the device. Requiring that a password be successfully entered before the mobile device data is unencrypted mitigates this risk.
Review Windows 10 Mobile configuration settings to determine if the mobile device requires that a password be entered before the device is unlocked. If feasible, use a spare device to test if a password is required to unlock it. This validation procedure is performed on both the MDM administration console and the Windows 10 Mobile device. Check whether the appropriate setting is configured on the MDM. Administration Console: 1. Ask the MDM administrator to display the "Password" setting in the MDM console. 2. Verify the settings for requiring a password is enforced. On the Windows 10 Mobile device: 1. Power down the device. 2. Power back up the device. 3. Verify that once the device powers up that the lockscreen is displayed and when you swipe up, the "Enter PIN" screen is shown and a PIN is required to access the device. If the MDM does not set the policy for requiring a password or if on the phone a password/PIN is not required to access the device, this is a finding.
Configure the MDM system to enforce a password is required before unlocking a device. Deploy the policy on managed devices.
Lavender hyperlinks in small type off to the right (of CSS
class id
, if you view the page source) point to
globally unique URIs for each document and item. Copy the
link location and paste anywhere you need to talk
unambiguously about these things.
You can obtain data about documents and items in other
formats. Simply provide an HTTP header Accept:
text/turtle
or
Accept: application/rdf+xml
.
Powered by sagemincer