
The browser must direct all traffic to a DoD Internet proxy gateway.


Overview

Finding ID: V-24985
Version: WIR-MOS-iOS-005
Rule ID: SV-30784r3_rule
IA Controls: ECSC-1
Severity: Low
Description
When using the DoD Internet proxy for iOS device Internet connections, enclave Internet security controls will filter and monitor iOS device Internet connections and reduce the risk that malware could be downloaded on the mobile device.
STIG: Apple iOS6 Security Technical Implementation Guide
Date: 2014-10-07

Details

Check Text (C-31201r7_chk)
There are two acceptable implementations for this requirement:

1. The device uses a mobile VPN to route all data traffic to the DoD enclave, which forces all browser traffic to the DoD Internet gateway. Note: This method is only acceptable if the VPN client is configured so that all data downloaded to the mobile device is saved in a FIPS 140-2 validated encrypted container; otherwise, the data at rest requirements in check V-32707/WIR-MOS-iOS-65-09 are not met.

2. The device browser is installed inside an iOS security container and the security container provides the capability to route all browser traffic to the MDM or authorized proxy server where it will be routed to the DoD Internet gateway.

A browser that is used without a mobile VPN and is installed outside the iOS device security container is not an approved implementation.

Verify one of the approved browser implementations is used. Talk to the IAO and review 3-4 sample devices.

Mark as a finding if a required browser implementation is not used.
Fix Text (F-27626r3_fix)
Use a compliant browser implementation on the iOS device.