Title

The location feature must be turned off. (Cat II impact)

Discussion

The location service on systems may allow sensitive data to be used by applications on the system. This should be turned off unless explicitly allowed for approved systems/applications.

Check Content

If the following registry value does not exist or is not configured as specified, this is a finding: Registry Hive: HKEY_LOCAL_MACHINE Registry Path: \Software\Policies\Microsoft\Windows\LocationAndSensors\ Value Name: DisableLocation Type: REG_DWORD Value: 1 (Enabled) If location services are approved for the system by the organization, this may be set to "Disabled" (0). This must be documented with the ISSO.

Fix Text

Configure the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Location and Sensors -> "Turn off location" to "Enabled". If location services are approved by the organization for a device, this must be documented.

Additional Identifiers

Rule ID: SV-226198r794441_rule

Vulnerability ID: V-226198

Group Title: SRG-OS-000095-GPOS-00049

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.