Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-58951 | MSWP-81-500101 | SV-73381r1_rule | | Medium |
Description |
---|
When a mobile device is locked, its protected/sensitive data should not be accessible, because such access could allow unauthorized people with physical access to the device to bring up and view confidential information. The Action Center on the Windows Phone 8.1 platform allows the viewing of recent notifications, including emails, calendar reminders, instant messages, and other potentially sensitive information. Disabling this feature mitigates the exposure of this data. SFR ID: FMT_SMF.1.1 #42 |
STIG | Date |
---|---|
Microsoft Windows Phone 8.1 Security Technical Implementation Guide | 2015-03-26 |
Check Text (C-59781r1_chk) |
---|
This validation procedure is performed on both the MDM administration console and the Windows Phone mobile device. It assumes you have an existing device time-out policy in place that will lock the device after a certain period. On the MDM administration console: 1. Ask the MDM administrator to verify the phone compliance policy. 2. Find the setting for "allow access to Action Center information under lockscreen". 3. Verify that the setting restriction is turned off/disallowed. On the Windows Phone mobile device: 1. If the screen is on, tap the power button to turn the screen off; otherwise, leave the screen off until the time-out period passes. The device could also be powered off instead. 2. Press the power button to turn on the screen. 3. The lockscreen background screen should appear. Swipe a finger from the very top of the screen to bring up the Action Center. 4. Verify that when the Action Center appears, the only things visible are the 4 configurable settings buttons, along with the "all settings" button. If an MDM policy to disallow the "allow access to Action Center information under lockscreen" setting is missing, or any notifications for various services like email show up under the settings buttons, this is a finding. |
Fix Text (F-64345r1_fix) |
---|
Configure the MDM system to require the "allow access to Action Center information under lockscreen" policy to be disabled for Windows Phone devices. Deploy the MDM policy on managed devices. |