Apple iOS6 Security Technical Implementation Guide


Overview

Date: 2014-10-07
Finding Count (55): CAT I (High): 5, CAT II (Med): 35, CAT III (Low): 15
STIG Description
Developed by DISA for use in the DoD. Comments or proposed revisions to this document should be sent via e-mail to the following address: disa.letterkenny.FSO.mbx.stig-customer-support-mailbox@mail.mil.

Findings (MAC II - Mission Support Public)

Finding ID Severity Title
V-32716 High The mobile operating system must employ DoD-approved anti-malware protections.
V-32698 High MDM, MAM, and integrity validation agent(s) must be installed on the mobile OS device.
V-32699 High The mobile operating system must not permit a user to disable or modify the security policy or enforcement mechanisms on the device.
V-54983 High Apple iOS operating systems that are no longer supported by the vendor for security updates must not be installed on a system.
V-32700 High The mobile operating system must provide mutual authentication between the provisioning server and the provisioned device during a trusted over-the-air (OTA) provisioning session.
V-34174 Medium The iOS device user must not allow applications to share data between iOS devices via Bluetooth.
V-32711 Medium The mobile operating system must prevent a user from using a browser that does not direct its traffic to a DoD proxy server.
V-34173 Medium Access to iOS Passbook applications must be disabled.
V-34172 Medium Shared Photo Stream must be disabled.
V-25010 Medium The mobile device must be set to lock the device after a set period of user inactivity.
V-25011 Medium Passcode maximum failed attempts must be set to required value.
V-27635 Medium Remote full device wipe must be enabled.
V-25013 Medium Users' ability to download iOS applications must be disabled.
V-25007 Medium Mobile devices must be configured to require a password/passcode for device unlock.
V-34322 Medium The ability to wipe a DoD iOS device via an iCloud account must be disabled.
V-25019 Medium The mobile device Bluetooth radio must only connect to authorized Bluetooth peripherals.
V-32696 Medium All mobile device VPN clients must timeout after a set period of inactivity.
V-32697 Medium The mobile operating system must not cache smart card or certificate store passwords used by the VPN client for more than two hours.
V-25016 Medium The device minimum password/passcode length must be set.
V-32695 Medium Diagnostic Data must not be sent to Apple or other unauthorized entity.
V-37769 Medium The iOS Passcode must contain at least one alphabetic and one numeric character.
V-32690 Medium iCloud Backup must be disabled.
V-32691 Medium Document Syncing must be disabled.
V-25022 Medium All mobile devices must display the required banner during device unlock/logon.
V-32701 Medium The mobile operating system must protect the confidentiality of the provisioning data downloaded to the handheld device during a trusted over-the-air (OTA) provisioning session.
V-32702 Medium The mobile operating system must protect the integrity of the provisioning data downloaded to the handheld device during a trusted over-the-air (OTA) provisioning session.
V-32706 Medium The cryptographic module supporting encryption of data in transit (including email and attachments) must be FIPS 140-2 validated.
V-25012 Medium Access to public media stores must be disabled.
V-19899 Medium All mobile device VPN clients must have split tunneling disabled.
V-19898 Medium All mobile device VPN clients used for remote access to DoD networks must be configured to require CAC authentication.
V-32688 Medium iOS Multiplayer Gaming must be disabled.
V-19897 Medium All mobile device VPN clients used for remote access to DoD networks must support AES encryption.
V-34316 Medium A Wi-Fi profile must be set up on managed iOS devices to disable access to any public Wi-Fi network that iOS may otherwise auto-join.
V-37770 Medium The iOS Passcode must contain at least one complex (non-alphanumeric) character.
V-32686 Medium iOS Siri application must be disabled.
V-32689 Medium Adding Game Center Friends must be disabled.
V-25003 Medium Mobile devices must have the required operating system software version installed.
V-24983 Medium S/MIME must be installed on mobile device, so users can sign/encrypt email.
V-25015 Medium Mobile device screen capture must not be allowed.
V-18627 Medium The VPN client on mobile devices used for remote access to DoD networks must be FIPS 140-2 validated.
V-25017 Low Apple iOS Auto-Lock must be set.
V-35006 Low The iOS device iMessage service must be set to Off at all times (User Based Enforcement (UBE)).
V-25051 Low Location services must be turned off unless authorized for use for particular applications, in which case, location services must only be available to the authorized applications.
V-25033 Low iOS Safari must be disabled.
V-25018 Low The mobile device passcode/password history setting must be set.
V-32693 Low Photo Stream must be disabled.
V-25092 Low The iOS device Wi-Fi setting Ask to Join Networks must be set to Off at all times (User Based Enforcement (UBE)).
V-32703 Low The mobile operating system must support the capability for the system administrator to disable over-the-air (OTA) provisioning.
V-25755 Low Access to online application purchases must be disabled.
V-25009 Low Maximum passcode age must be set.
V-24984 Low If mobile device email auto signatures are used, the signature message must not disclose the email originated from a CMD (e.g., Sent From My Wireless Handheld).
V-25008 Low The iOS device password complexity must be set to the required value.
V-24982 Low Smart Card Readers (SCRs) used with CMDs must have required software version installed.
V-25014 Low Mobile device cameras must be used only if documented approval is in the site physical security policy.
V-24985 Low The browser must direct all traffic to a DoD Internet proxy gateway.