UCF STIG Viewer Logo

Windows Phone 8.1 must be configured to enforce an application installation policy by specifying one or more authorized application repositories.


Overview

Finding ID Version Rule ID IA Controls Severity
V-58933 MSWP-81-100303 SV-73363r1_rule Medium
Description
Forcing all applications to be installed from authorized application repositories can prevent unauthorized and malicious applications from being installed and executed on mobile devices. Allowing such installations and executions could cause a compromise of DoD data accessible by these unauthorized/malicious applications. SFR ID: FMT_SMF.1.1 #10
STIG Date
Microsoft Windows Phone 8.1 Security Technical Implementation Guide 2015-05-13

Details

Check Text ( C-59761r2_chk )
This validation procedure is performed on both the MDM administration console and the Windows Phone mobile device.

On the MDM administration console:
1. Display the policy that restricts the use of a Store application.
2. Verify that this policy is set to be disabled.

On Windows Phone:
1. From the Start page or on the Applications page (swipe to the left from the Start page), find the Store application icon.
NOTE: The Store icon should appear dim.

2. Tap on the Store app to attempt to launch it. A message should be displayed:
"App disabled. This app has been disabled by company policy. Contact your company's support person for help."

If the MDM does not have a policy that disables the Store application, or if the Windows Store app can be successfully launched, this is a finding.
Fix Text (F-64325r1_fix)
Configure an application control policy using an MDM for Windows Phone 8.1 to disable the Store application. Deploy the policy to managed devices.