UCF STIG Viewer Logo

The mobile operating system must support the capability for the system administrator to disable over-the-air (OTA) provisioning.


Finding ID Version Rule ID IA Controls Severity
V-32703 WIR-MOS-iOS-65-05 SV-43049r1_rule ECWN-1 Low
In some environments, the risk of OTA provisioning may outweigh any convenience benefit it offers. In addition, some OTA mechanisms do not provide appropriate authentication and cryptographic integrity measures. In such cases, the administrator should have the ability to disable OTA provisioning to ensure secure breaches do not occur from use of this technique.
Apple iOS6 Security Technical Implementation Guide 2014-10-07


Check Text ( C-41066r5_chk )
Review system documentation and operating system configuration to determine if the system administrator has the ability to disable OTA provisioning on the MDM and/or MAM server.

The Good Technology server meets this requirement.
Fix Text (F-36601r2_fix)
Disable OTA provisioning if threat conditions warrant this action.