UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Windows Phone 8.1 must be configured to enable data-at-rest protection for removable storage media or to disable the removable storage media.


Overview

Finding ID Version Rule ID IA Controls Severity
V-58947 MSWP-81-101202 SV-73377r1_rule High
Description
The operating system must ensure the data being written to the mobile device's removable media is protected from unauthorized access. If data at rest is unencrypted, it is vulnerable to disclosure. Even if the operating system enforces permissions on data access, an adversary can read removable media directly, thereby circumventing operating system controls. Encrypting the data ensures confidentiality is protected even when the operating system is not running. Windows Phone 8.1 platform cannot enforce encryption for removable media, so the use of removable media must be disabled. This alternative mitigation, prohibiting the use of removable storage media using an IA control, eliminates the threat of data vulnerabilities since no data can be stored on such media. SFR ID: FMT_SMF.1.1 #23
STIG Date
Microsoft Windows Phone 8.1 Security Technical Implementation Guide 2015-03-26

Details

Check Text ( C-59777r1_chk )
This validation procedure is performed on both the MDM administration console and the Windows Phone mobile device.

On the MDM administration console:
1. Ask the MDM administrator to verify the phone compliance policy.
2. Find the setting for "allow removable storage".
3. Verify that setting restriction is turned off/disallowed.

On a Windows Phone 8.1 device that contains a microSD slot and has a microSD card inserted:
1. Launch "settings".
2. Find and tap on "storage sense".
3. If a removable storage card is mounted, there should be a section that lists phone storage, and directly under that, a section for SD card storage.
4. Verify that the SD card section has a sentence directly below it that says "not found".

If the MDM does not have a policy enforcement that disables the use of removable storage, or if a "not found" message does not appear under the SD card location on the "storage sense" screen of the Settings app, and instead, under SD card, you see how much space is used and how much is free, that SD card was not disabled, and this is a finding.
Fix Text (F-64341r1_fix)
Configure the MDM system to enforce a policy that configures the "allow removable storage" policy to be disabled for Windows Phone devices.

Deploy the MDM policy to managed devices.