The mobile operating system must support the capability for the system administrator to disable over-the-air (OTA) provisioning.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-32703 | WIR-MOS-iOS-65-05 | SV-43049r1_rule | ECWN-1 | Low |
| Description |
|---|
| In some environments, the risk of OTA provisioning may outweigh any convenience benefit it offers. In addition, some OTA mechanisms do not provide appropriate authentication and cryptographic integrity measures. In such cases, the administrator should have the ability to disable OTA provisioning to ensure secure breaches do not occur from use of this technique. |
| STIG | Date |
|---|---|
| Apple iOS6 Security Technical Implementation Guide | 2014-10-07 |
Details
| Check Text ( C-41066r5_chk ) |
|---|
| Review system documentation and operating system configuration to determine if the system administrator has the ability to disable OTA provisioning on the MDM and/or MAM server. The Good Technology server meets this requirement. |
| Fix Text (F-36601r2_fix) |
|---|
| Disable OTA provisioning if threat conditions warrant this action. |