UCF STIG Viewer Logo

The mobile operating system PKI certificate store must encrypt contents using AES encryption (AES 128 bit encryption key length is the minimum requirement; AES 256 desired).


Finding ID Version Rule ID IA Controls Severity
V-32705 WIR-MOS-iOS-65-07 SV-43051r1_rule DCNR-1 High
If an adversary can access the key store, it may be able to use the keys to perform a variety of unauthorized transactions. It may also be able to modify public keys in a way that it can trick the operating system into accepting invalid certificates. Encrypting the key store protects the integrity and confidentiality of keys. AES encryption with adequate key lengths provides assurance that the protection is strong.
Apple iOS 5 Security Technical Implementation Guide (STIG) 2012-07-20


Check Text ( C-41068r1_chk )
Review system documentation and operating system configuration to determine if the operating system uses AES encryption with 128-bit or longer keys to encrypt the contents of the key store. If the key store is not encrypted or does not use AES encryption, this is a finding.
Fix Text (F-36603r1_fix)
Configure the operating system to encrypt the contents of the key with AES encryption using 128-bit or longer keys.