Windows Phone 6.5 (with Good Mobility Suite) Security Technical Implementation Guide

Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Windows Phone 6.5 (with Good Mobility Suite) Security Technical Implementation Guide

Overview

Version	Date	Finding Count (9)			Downloads
1	2011-10-04	CAT I (High): 0	CAT II (Med): 6	CAT III (Low): 3	Excel	JSON	XML

STIG Description
This STIG contains technical security controls required for the use of Windows Phone 6.5 devices in the DoD environment when managed by the Good Mobility Suite.

Available Profiles

Classified	Public	Sensitive
I - Mission Critical Classified	I - Mission Critical Public	I - Mission Critical Sensitive	II - Mission Support Classified	II - Mission Support Public	II - Mission Support Sensitive	III - Administrative Classified	III - Administrative Public	III - Administrative Sensitive

Findings (MAC III - Administrative Public)

Finding ID	Severity	Title	Description
V-25022	Medium	All smartphones must display the required banner during device unlock/ logon.	DoD CIO memo requires all PDAs, BlackBerrys, and smartphones to have a consent banner displayed during logon/device unlock to ensure users understand their responsibilities to safeguard DoD data.
V-24981	Medium	Smartphone devices must have required operating system software versions installed.	Required security features are not available in earlier OS versions. In addition, there are known vulnerabilities in earlier versions.
V-19899	Medium	All wireless PDA client VPNs must have split tunneling disabled. This check is not applicable if the installed VPN client is not used for remote access to DoD networks.	DoD data could be compromised if transmitted data is not secured with a compliant VPN. Split tunneling could allow connections from non-secure Internet sites to access data on the DoD network.
V-19898	Medium	All wireless PDA clients used for remote access to DoD networks must have a VPN supporting CAC authentication. This check is not applicable if the installed VPN client is not used for remote access to DoD networks.	DoD data could be compromised if transmitted data is not secured with a compliant VPN.
V-19897	Medium	All wireless PDA clients used for remote access to DoD networks must have a VPN that supports AES encryption. This check is not applicable if the installed VPN client is not used for remote access to DoD networks.	DoD data could be compromised if transmitted data is not secured with a compliant VPN.
V-18627	Medium	The VPN client on wireless clients (PDAs, smartphones) used for remote access to DoD networks must be FIPS 140-2 validated. This check is not applicable if the installed VPN client is not used for remote access to DoD networks.	DoD data could be compromised if transmitted data is not secured with a compliant VPN. FIPS validation provides a level of assurance that the encryption of the device has been securely implemented.
V-24986	Low	All non-core applications on the smartphone must be approved by the DAA or Command IT Configuration Control Board.	Non-approved applications can contain malware. Approved applications should be reviewed and tested by the approving authority to ensure they do not contain malware, spyware, or have unexpected...
V-24984	Low	If smartphone email auto signatures are used, the signature message must not disclose that the email originated from a smartphone (e.g., “Sent From My Wireless Handheld”).	The disclaimer message may give information which may key an attacker in on the device. This is primarily an OPSEC issue. This setting was directed by the CYBERCOM.
V-24982	Low	Smart Card Readers (SCRs) used with smartphone must have required software version installed.	Required security features are not available in earlier software versions. In addition, there may be known vulnerabilities in earlier versions.