Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-58975 | MSWP-81-501411 | SV-73405r1_rule | Medium |
Description |
---|
While backup and collaboration of data is useful from a productivity perspective, if that same data can be shared to public locations through cloud storage services, data leakage scenarios are possible, enabling sensitive data to be shared outside of secure DoD locations. To mitigate these threats, the ability to store or backup data in public cloud areas should be blocked. For Windows Phone 8.1, this requirement is needed to prevent access to cloud services like OneDrive by OS applications and components such as: Office Hub/Applications OneNote Backup SFR ID: FMT_SMF.1.1 #42 |
STIG | Date |
---|---|
Microsoft Windows Phone 8.1 Security Technical Implementation Guide | 2015-03-26 |
Check Text ( C-59805r2_chk ) |
---|
This validation procedure is performed only on the firewall(s) that control VPN Gateway access for mobile devices accessing public OneDrive on the Internet. On the firewall administration console: 1. Ask the firewall administrator to verify that a rule exists that blocks outbound access to OneDrive. 2. Verify there is a rule to block access to all of these domains: "*.live.com" "*.live.net" "*.livefilestore.com" "*.1drv.com" If the firewall for the DoD VPN does not have rules prohibiting outbound traffic to "*.live.com", "*.live.net", "*.livefilestore.com", and "*.1drv.com", this is a finding. |
Fix Text (F-64369r2_fix) |
---|
Configure firewall settings for the VPN Gateway to terminate inbound traffic from mobile devices accessing public OneDrive on the Internet. Configure the firewall for VPN as follows: 1. Have the firewall administrator add rules that block outbound access to OneDrive. Block access to these domains: "*.live.com" "*.live.net" "*.livefilestore.com" "*.1drv.com" This is one of 5 implementation requirements that work together to prevent access to cloud services. |