Check: WN08-00-000013
Windows 8/8.1 STIG: WN08-00-000013 (in versions v1 r23 through v1 r16)
Title
Mobile systems must encrypt all data per the DoD Data at Rest policy. (Cat I impact)
Discussion
If data at rest is unencrypted, it is vulnerable to disclosure. Even if the operating system enforces permissions on data access, an adversary can remove non-volatile memory and read it directly, thereby circumventing operating system controls. Encrypting the data ensures that confidentiality is protected even when the operating system is not running.
Check Content
Verify the system employs DoD-approved full disk encryption. If full disk encryption is not implemented, this is a finding.
Fix Text
Install an approved DoD encryption package and enable full disk encryption.
Additional Identifiers
Rule ID: SV-48282r2_rule
Vulnerability ID: V-36665
Group Title: WN08-00-000013
CCIs
Number | Definition |
---|---|
CCI-001199 | Protects the confidentiality and/or integrity of organization-defined information at rest. |
CCI-002475 | Implement cryptographic mechanisms to prevent unauthorized modification of organization-defined information at rest on organization-defined system components. |
CCI-002476 | Implement cryptographic mechanisms to prevent unauthorized disclosure of organization-defined information at rest on organization-defined system components. |