|Finding ID||Version||Rule ID||IA Controls||Severity|
|When a user is allowed to use AirPlay without a password, there is the potential that it may mistakenly associate the Apple iOS device with an AirPlay-enabled device other than the one intended (i.e., by choosing the wrong one from the AirPlay list displayed). This creates the potential that someone in control of a mistakenly associated device may obtain DoD-sensitive information without authorization. Requiring a password before such an association mitigates this risk. Passwords do not require any administration, nor must they comply with any complexity requirements. SFR ID: FMT_SMF_EXT.1.1 #40|
|Apple iOS 10 Security Technical Implementation Guide||2016-10-25|
|Check Text ( C-72079r1_chk )|
| Review configuration settings to confirm "Require passcode on first AirPlay pairing" is enabled. |
This check procedure is performed on both the Apple iOS management tool and the Apple iOS device.
Note: If an organization has multiple configuration profiles, the check procedure must be performed on the relevant configuration profiles applicable to the scope of the review.
In the Apple iOS management tool, verify "Require passcode on first AirPlay pairing" is checked.
Alternatively, verify the text
appears in the configuration profile (.mobileconfig file).
On the Apple iOS device:
1. Open the Settings app.
2. Tap "General".
3. Tap "Profiles" or "Profiles & Device Management" or "Device Management".
4. Tap the Configuration Profile from the Apple iOS management tool containing the restrictions policy.
5. Tap "Restrictions".
6. Verify "AirPlay outgoing requests pairing password enforced" is listed.
If "Require passcode on first AirPlay pairing" is unchecked in the Apple iOS management tool, "
|Fix Text (F-78199r1_fix)|
|Install a configuration profile to require the user to enter a password when connecting to an AirPlay-enabled device for the first time.|