Navigate

Check: WN10-00-000250

Microsoft Windows 10 STIG: WN10-00-000250 (in versions v2 r9 through v2 r6)

Title

Windows 10 nonpersistent VM sessions must not exceed 24 hours. (Cat II impact)

Discussion

For virtual desktop implementations (VDIs) where the virtual desktop instance is deleted or refreshed upon logoff, the organization should enforce that sessions be terminated within 24 hours. This would ensure any data stored on the VM that is not encrypted or covered by Credential Guard is deleted.

Check Content

Ensure there is a documented policy or procedure in place that nonpersistent VM sessions do not exceed 24 hours. If the system is NOT a nonpersistent VM, this is Not Applicable. If no such documented policy or procedure is in place, this is a finding.

Fix Text

Set nonpersistent VM sessions to not exceed 24 hours.

Additional Identifiers

Rule ID: SV-220738r890426_rule

Vulnerability ID: V-220738

Group Title: SRG-OS-000185-GPOS-00079

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.

Number	Definition
CCI-001199	The information system protects the confidentiality and/or integrity of organization-defined information at rest.

Controls

Controls tied to check. These are derived from the CCIs shown above.

Number	Title
SC-28	Protection Of Information At Rest