Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
Windows Phone 8.1 must be configured to enable data-at-rest protection for built-in storage media.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-58945 | MSWP-81-101102 | SV-73375r1_rule | High |
| Description |
|---|
| The operating system must ensure the data being written to the mobile device's built-in storage media is protected from unauthorized access. If data at rest is unencrypted, it is vulnerable to disclosure. Even if the operating system enforces permissions on data access, an adversary can read storage media directly, thereby circumventing operating system controls. Encrypting the data ensures confidentiality is protected even when the operating system is not running. SFR ID: FMT_SMF.1.1 #22 |
| STIG | Date |
|---|---|
| Microsoft Windows Phone 8.1 Security Technical Implementation Guide | 2015-03-26 |
Details
| Check Text ( C-59775r2_chk ) |
|---|
| This validation procedure is performed on both the MDM administration console and the Windows Phone mobile device. On the MDM administration console: 1. Ask the MDM administrator to display the device encryption setting. 2. Verify device encryption is activated. On the Windows Phone mobile device: 1. Launch "Settings". 2. Select "storage sense". 3. Verify the word "encrypted" appears after the measurement of how much storage is in use. For example, "2.62 GB used, encrypted" is compliant, whereas "2.62 GB used" is not compliant. If the MDM is not configured to enforce encryption, or if the word "encrypted" does not appear in the specified location in the "storage sense" screen of the Settings app, this is a finding. |
| Fix Text (F-64339r1_fix) |
|---|
| Configure the MDM system to require the device encryption for Windows Phone devices. Deploy the MDM policy to managed devices. |