Navigate

Check: WN10-00-000250

Microsoft Windows 10 STIG: WN10-00-000250 (in versions v2 r5 through v1 r22)

Title

Windows 10 non-persistent VM sessions should not exceed 24 hours. (Cat II impact)

Discussion

For virtual desktop implementations (VDIs) where the virtual desktop instance is deleted or refreshed upon logoff, the organization should enforce that sessions be terminated within 24 hours. This would ensure any data stored on the VM that is not encrypted or covered by Credential Guard is deleted.

Check Content

Ensure there is a documented policy or procedure in place that non-persistent VM sessions do not exceed 24 hours. If there is no such documented policy or procedure in place, this is a finding.

Fix Text

Set non-persistent VM sessions to not exceed 24 hours.

Additional Identifiers

Rule ID: SV-220738r569187_rule

Vulnerability ID: V-220738

Group Title: SRG-OS-000185-GPOS-00079

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.

Number	Definition
CCI-001199	Protects the confidentiality and/or integrity of organization-defined information at rest.

Controls

Controls tied to check. These are derived from the CCIs shown above.

Number	Title
SC-28	Protection of Information at Rest