Mobile systems must encrypt all data per the DoD Data at Rest policy.

From Windows 8/8.1 Security Technical Implementation Guide

Part of WN08-00-000013

Associated with IA controls: ECCR-1, ECCR-2

Associated with: CCI-001199 CCI-002475 CCI-002476

SV-48282r2_rule Mobile systems must encrypt all data per the DoD Data at Rest policy.

Vulnerability discussion

If data at rest is unencrypted, it is vulnerable to disclosure. Even if the operating system enforces permissions on data access, an adversary can remove non-volatile memory and read it directly, thereby circumventing operating system controls. Encrypting the data ensures that confidentiality is protected even when the operating system is not running.

Check content

Verify the system employs DoD-approved full disk encryption. If full disk encryption is not implemented, this is a finding.

Fix text

Install an approved DoD encryption package and enable full disk encryption.

Pro Tips

Lavender hyperlinks in small type off to the right (of CSS class id, if you view the page source) point to globally unique URIs for each document and item. Copy the link location and paste anywhere you need to talk unambiguously about these things.

You can obtain data about documents and items in other formats. Simply provide an HTTP header Accept: text/turtle or Accept: application/rdf+xml.

Powered by sagemincer