The EMM system supporting the iOS/iPadOS 16 BYOAD must be NIAP validated (included on the NIAP list of compliant products or products in evaluation) unless the DOD CIO has granted an approved Exception to Policy (E2P).

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-257100	AIOS-16-800200	SV-257100r904452_rule		High

Description
Note: For a virtual mobile infrastructure (VMI) solution, both the client and server must be NIAP compliant. Nonapproved EMM systems may not include sufficient controls to protect work data, applications, and networks from malware or adversary attack. EMM systems include mobile device management (MDM), mobile application management (MAM), mobile content management (MCM), or VMI. Components must only approve devices listed on the NIAP product compliant list or products listed in evaluation at the following links respectively: - https://www.niap-ccevs.org/Product/ - https://www.niap-ccevs.org/Product/PINE.cfm Reference: DOD policy "Use of Non-Government Mobile Devices". 3.a.(2). SFR ID: FMT_SMF_EXT.1.1 #47

Description

Note: For a virtual mobile infrastructure (VMI) solution, both the client and server must be NIAP compliant. Nonapproved EMM systems may not include sufficient controls to protect work data, applications, and networks from malware or adversary attack. EMM systems include mobile device management (MDM), mobile application management (MAM), mobile content management (MCM), or VMI. Components must only approve devices listed on the NIAP product compliant list or products listed in evaluation at the following links respectively: - https://www.niap-ccevs.org/Product/ - https://www.niap-ccevs.org/Product/PINE.cfm Reference: DOD policy "Use of Non-Government Mobile Devices". 3.a.(2). SFR ID: FMT_SMF_EXT.1.1 #47

STIG	Date
Apple iOS/iPad OS 16 MDFPP 3.3 BYOAD Security Technical Implementation Guide	2023-08-14

Details

Check Text ( C-60785r904043_chk )
Verify the EMM system supporting the iOS/iPadOS BYOAD is NIAP validated (included on the NIAP list of compliant products or products in evaluation). If it is not, verify the DOD CIO has granted an approved E2P. Note: For a VMI solution, both the client and server components must be NIAP compliant. If the EMM system supporting the iOS/iPadOS BYOAD is not NIAP validated (included on the NIAP list of compliant products or products in evaluation) and the DOD CIO has not granted an approved E2P, this is a finding.

Check Text ( C-60785r904043_chk )

Verify the EMM system supporting the iOS/iPadOS BYOAD is NIAP validated (included on the NIAP list of compliant products or products in evaluation).

If it is not, verify the DOD CIO has granted an approved E2P.

Note: For a VMI solution, both the client and server components must be NIAP compliant.

If the EMM system supporting the iOS/iPadOS BYOAD is not NIAP validated (included on the NIAP list of compliant products or products in evaluation) and the DOD CIO has not granted an approved E2P, this is a finding.

Fix Text (F-60726r904044_fix)
Only use an EMM system supporting the iOS/iPadOS 16 BYOAD that is NIAP validated (included on the NIAP list of compliant products or products in evaluation) unless the DOD CIO has granted an approved E2P. Note: For a VMI solution, both the client and server components must be NIAP compliant.