|Finding ID||Version||Rule ID||IA Controls||Severity|
|Requiring all authorized applications to be in an application whitelist prevents the execution of any applications (e.g., unauthorized, malicious) that are not part of the whitelist. Failure to configure an application whitelist properly could allow unauthorized and malicious applications to be downloaded, installed, and executed on the mobile device, causing a compromise of DoD data accessible by these applications. The application whitelist, in addition to controlling the installation of applications on the MD, must control user access/execution of all core applications (included in the operating system (OS) by the OS vendor) and pre-installed applications (provided by the MD vendor and wireless carrier), or the MD must provide an alternate method of restricting user access/execution to core and pre-installed applications. SFR ID: FMT_SMF_EXT.1.1 #10b|
|Apple iOS 10 Security Technical Implementation Guide||2016-10-25|
|Check Text ( C-72119r2_chk )|
| Review configuration settings to confirm approved apps are included on the whitelist. |
This check procedure is performed on both the Apple iOS management tool and the Apple iOS device.
In the MDM management console, verify the approved apps are included in the list of whitelisted applications. This procedure will vary depending on the MDM product.
On the Apple iOS device:
1. Open the Settings app.
2. Tap "General".
3. Tap "Profiles & Device Management".
4. Tap "Restrictions".
5. Verify "Whitelisted applications added" is present.
If apps other than approved apps are listed in the iOS management tool app whitelist or the restrictions policy on the Apple iOS device from the Apple iOS management tool does not list "Whitelisted applications added", this is a finding.
|Fix Text (F-78239r1_fix)|
|Configure the Apple iOS configuration profile to allow only whitelisted apps.|