UCF STIG Viewer Logo

Microsoft Windows Phone 8.1 Security Technical Implementation Guide


Overview

Date Finding Count (25)
2015-05-13 CAT I (High): 2 CAT II (Med): 20 CAT III (Low): 3
STIG Description
This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DoD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil.

Available Profiles



Findings (MAC I - Mission Critical Sensitive)

Finding ID Severity Title
V-58947 High Windows Phone 8.1 must be configured to enable data-at-rest protection for removable storage media or to disable the removable storage media.
V-58945 High Windows Phone 8.1 must be configured to enable data-at-rest protection for built-in storage media.
V-59025 Medium Windows Phone 8.1 must be running build 8.10.15116 or higher (GDR2).
V-58973 Medium Windows Phone 8.1 must disable split-tunneling on the VPN client.
V-58971 Medium Windows Phone 8.1 must be designed to implement protected and secure OS Updates.
V-58959 Medium Windows Phone 8.1 must be configured to implement the management setting: Disable the capability for a user to manually unenroll from MDM management.
V-58975 Medium Windows Phone 8.1 must have a mechanism to restrict capabilities of applications and OS components that leverage cloud storage by blocking access to OneDrive at the firewall level.
V-58955 Medium Windows Phone 8.1 must be configured to implement the management setting: Not allow the device unlock password to contain more than two sequential or repeating characters (e.g., 456, aaa).
V-58977 Medium Windows Phone 8.1 must require an Always On VPN session when used.
V-58957 Medium Windows Phone 8.1 must be configured to implement the management setting: Disable the capability of the Cortana personal assistant A.I. to be functional when the device is locked.
V-58951 Medium Windows Phone 8.1 must be configured to implement the management setting: Disable the capability of being able to show notifications in the Action Center while a device is locked.
V-58953 Medium Windows Phone 8.1 must be configured to implement the management setting: Disable the ability of users to be able to manually turn off the VPN.
V-58937 Medium Windows Phone 8.1 must be configured to disable USB mass storage mode.
V-58935 Medium Windows Phone 8.1 must be configured to enforce an application installation policy through an application whitelist specifying a set of allowed applications and versions.
V-58933 Medium Windows Phone 8.1 must be configured to enforce an application installation policy by specifying one or more authorized application repositories.
V-58931 Medium Windows Phone 8.1 must be configured to disable developer modes.
V-58979 Medium Windows Phone 8.1 must have a mechanism to restrict capabilities of applications and OS components that leverage cloud storage by disabling the Backup feature.
V-58961 Medium Windows Phone 8.1 must be configured to implement the management setting: Disable the sharing of Office documents through service providers like email and cloud.
V-58963 Medium Windows Phone 8.1 must be configured to implement the management setting: Disable the capability for syncing settings such as the theme, application settings, Internet Explorer sites visited, and cached passwords to Microsoft OneDrive cloud storage.
V-58965 Medium Windows Phone 8.1 must be configured to implement the management setting: Disallow the sharing of device telemetry captured as a result of crashes and other logging processes.
V-58967 Medium Windows Phone 8.1 must be configured to implement the management setting: Employ mobile device management services to centrally manage security-relevant configuration and policy settings.
V-58941 Medium Windows Phone 8.1 must be configured to lock the display after 15 minutes (or less) of inactivity.
V-58949 Low Before establishing a user session, Windows Phone 8.1 must display an administrator-specified advisory notice and consent warning banner regarding use of Windows Phone 8.1.
V-58939 Low Windows Phone 8.1 must be configured to prohibit more than 10 consecutive failed authentication attempts.
V-58943 Low Windows Phone 8.1 must be configured to enforce a minimum password length of 6 characters.