
Windows 10 Mobile must not allow use of developer modes.


Overview

Finding ID: V-69711
Version: MSWM-10-200303
Rule ID: SV-84333r1_rule
IA Controls:
Severity: Medium
Description
Developer modes expose features of the MOS that are not available during standard operation. An adversary may leverage a vulnerability inherent in a developer mode to compromise the confidentiality, integrity, and availability of DoD-sensitive information. Disabling developer modes mitigates this risk.

SFR ID: FMT_SMF_EXT.1.1 #24
STIG: Microsoft Windows 10 Mobile Security Technical Implementation Guide
Date: 2017-09-11

Details

Check Text (C-70153r1_chk)
Review Windows 10 Mobile configuration settings to determine whether a developer mode is enabled.

This validation procedure is performed on both the MDM administration console and the Windows 10 Mobile device.

On the MDM administration console:

1. Ask the MDM administrator to verify the phone compliance policy.
2. Find the setting for restricting the Developer Unlocking/Developer Mode capability.
3. Verify that the setting is set to disabled/off.

On the Windows 10 Mobile device:

1. Launch "Settings".
2. Tap on "Update & security" and then tap on "For developers".
3. Verify that the setting titled "Developer mode" is not selected and is disabled/read-only.

If the MDM does not enforce the Developer Unlocking/Developer Mode policy that disables developer mode, or if the setting titled "Developer mode" on the phone's "Developer mode" screen is not disabled/read-only, this is a finding.
Fix Text (F-75915r1_fix)
Configure the MDM system to require the Developer Unlocking/Developer Mode policy be disabled for Windows 10 Mobile devices.

Deploy the MDM policy on managed devices.