UCF STIG Viewer Logo

The mobile operating system must prevent a user from using a browser that does not direct its traffic to a DoD proxy server.


Finding ID Version Rule ID IA Controls Severity
V-32711 WIR-MOS-iOS-65-11 SV-43057r1_rule ECWN-1 Medium
Proxy servers can inspect traffic for malware and other signs of a security attack. Allowing a mobile device to access the public Internet without proxy server inspection forgoes the protection that the proxy server would otherwise provide. Malware downloaded onto the device could have a wide variety of malicious consequences, including loss of sensitive DoD information. Forcing traffic to flow through a proxy server greatly mitigates the risk of access to public Internet resources.
Apple iOS 5 Security Technical Implementation Guide (STIG) 2012-07-20


Check Text ( C-41072r1_chk )
Review the operating system and browser configuration to determine if traffic is forced through DoD proxy servers. If greater assurance is required, access a number of Internet web sites and verify traffic flows through a DoD proxy server by viewing the traffic using a network protocol analyzer or by communicating with personnel that manage the proxy server. If the device accesses any internet resource without being directed through a DoD proxy server, this is a finding.
Fix Text (F-36607r1_fix)
Disable browsers that do not support a feature to direct all traffic to a designated proxy server. Configure browsers that support this functionality to direct all traffic to a designated proxy server.