The iOS/iPadOS 16 BYOAD device must be configured to disable copy and paste from managed (work profile) apps/contacts to unmanaged (personal profile) apps/contacts and vice versa.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-257098 | AIOS-16-800160 | SV-257098r904039_rule | Medium |
| Description |
|---|
| Protection of DOD data is a key construct of the BYOAD security baseline, including disabling the capability to copy/paste data between the managed/work profile and the unmanaged/personal profile. Reference: NIST Special Publication 1800-22, "Mobile Device Security: Bring Your Own Device (BYOD)". SFR ID: FMT_SMF_EXT.1.1 #47 |
| STIG | Date |
|---|---|
| Apple iOS/iPad OS 16 MDFPP 3.3 BYOAD Security Technical Implementation Guide | 2023-08-14 |
Details
| Check Text ( C-60783r904037_chk ) |
|---|
| Note: If an organization has multiple configuration profiles, the check procedure must be performed on the relevant configuration profiles applicable to the scope of the review. In the iOS management tool, verify "Require managed pasteboard" is set to "True". If "Require managed pasteboard" is not set to "True", this is a finding. Note: This requirement is the same as AIOS-16-714600 in the Apple iOS/iPadOS 16 BYOAD STIG. |
| Fix Text (F-60724r904038_fix) |
|---|
| Configure the Apple iOS configuration profile to disable copy/paste of data from managed to unmanaged applications. The procedure for implementing this control will vary depending on the MDM/EMM used by the mobile service provider. In the MDM console, set "Require managed pasteboard" to "True". Note: This requirement is the same as AIOS-16-714600 in the Apple iOS/iPadOS 16 BYOAD STIG. |