UCF STIG Viewer Logo

All mobile devices must display the required banner during device unlock/logon.


Finding ID Version Rule ID IA Controls Severity
V-25022 WIR-MOS-iOS-007 SV-30786r2_rule ECWM-1 Medium
DoD CIO memo requires all CMDs to have a consent banner displayed during logon/device unlock to ensure users understand their responsibilities to safeguard DoD data.
Apple iOS6 Security Technical Implementation Guide 2014-10-07


Check Text ( C-31203r8_chk )
The following banner is required:
“I've read & consent to terms in IS user agreem't.”

Check Procedure:

On the iOS device, complete the following:
Check a sample of devices (3-4). The procedure will vary, depending on the MDM server used. For iOS, the banner is only displayed when logging into the security container.

The banner must exactly match the required phrase.

Mark as a finding if the required banner is not configured to display during device unlock/logon.

If the Good Technology MDM server is used, complete the following:
1. Make a list of all iOS security policies listed on the MDM server that have been assigned to iOS devices and review each policy.
2. Select each security policy iOS devices are assigned to, and in turn, verify the required settings are in the policy. Verify either password or CAC authentication has been enabled for the MDM agent.
-Launch the Good Mobile Control Web console and click on the Policies tab.
-Select a policy set to review and click on the policy.
-On the left tab, select Compliance Manager.
-Verify a "Custom" or "iOS DoD Login Banner" rule is listed. (Note the rule title does not have to be exact.)
-Open the rule by checking the box next to the rule and then click Edit.
-Verify "Failure Action" is set to "Quit Good for Enterprise".
-Verify "Check Every" is set to "6 hours".
-Verify Rule File = disclaimer.xml.
Fix Text (F-27693r1_fix)
Display the required banner during device unlock/logon.