UCF STIG Viewer Logo

An iOS app must retain the notice and consent banner on the screen until the user executes a positive action to manifest agreement by selecting a box indicating acceptance.


Overview

Finding ID Version Rule ID IA Controls Severity
V-43227 AIOS-06-000002 SV-55975r2_rule Low
Description
To ensure notice of and consent to the terms of the DoD standard user agreement, an iOS app must display a consent banner. Additionally, the app must prevent further activity in the application unless and until the user executes a positive action to manifest agreement, such as by tapping an acceptance button in the app. By preventing access to the system until the user accepts the conditions, legal requirements are met to protect the DoD and to remind users the device is designed and implemented for business use. Additional information is found in DoD Issuance DoDI 8500.01.
STIG Date
Apple iOS 7 STIG 2014-08-26

Details

Check Text ( C-49254r1_chk )
This check procedure is performed on the iOS device only.

On the iOS device:
1. Ask the MDM administrator to identify the app used to fulfill the requirement.
2. Launch the app.
3. Verify the user must perform a positive action to manifest agreement to the notice and consent banner before being allowed to perform other actions within the app.

If the MDM administrator is unable to identify an app to fulfill the requirement, if there is no banner, or if user is able to perform actions within the app without accepting the banner statement, this is a finding.
Fix Text (F-48814r1_fix)
Install an app that does not permit the user to perform functions in the app before accepting the notice and consent banner.