Apple iOS 8 Interim Security Configuration Guide


Overview

Date: 2014-09-16
Finding Count (40): CAT I (High): 3, CAT II (Med): 27, CAT III (Low): 10

STIG Description
This ISCG contains technical security controls required for the use of Apple iOS 8 devices (iPhone and iPad) in the DoD environment. Comments or proposed revisions to this document should be sent via email to the following address: disa.letterkenny.FSO.mbx.stig-customer-support-mailbox@mail.mil.

Findings (MAC I - Mission Critical Classified)

Finding ID Severity Title
V-54277 High Apple iOS must encrypt iTunes backups.
V-54241 High Apple iOS must require a valid password be successfully entered before the mobile device data is unencrypted.
V-54269 High Apple iOS must not allow the device to be unlocked using a fingerprint.
V-54249 Medium Apple iOS must not allow use of iCloud document and data synchronization.
V-54295 Medium Apple iOS must not share location data through iCloud.
V-54293 Medium Apple iOS must not have any Family Members in Family Sharing.
V-54291 Medium Apple iOS must have Airdrop disabled.
V-54253 Medium Apple iOS must not allow use of My Photo Stream.
V-54251 Medium Apple iOS must not allow use of the iCloud Keychain.
V-54255 Medium Apple iOS must not allow use of iCloud Photo Sharing (also known as Shared Photo Streams).
V-54279 Medium Apple iOS must not allow backup of enterprise books.
V-54237 Medium Apple iOS must enforce a minimum password length of 6 or more characters.
V-54313 Medium Apple iOS must not store any payment data in Apple Pay.
V-54271 Medium Apple iOS must not allow non-DoD applications to access DoD data.
V-54311 Medium Apple iOS must not store Personally Identifiable Information (PII) in Medical ID in the Health app.
V-54315 Medium Apple iOS must not allow use of the Near Field Communications (NFC) radio.
V-54245 Medium Apple iOS must not allow screen capture.
V-54289 Medium Apple iOS must not allow messages in an Active Sync Exchange account to be forwarded or moved to other accounts in the iOS Mail app.
V-54247 Medium Apple iOS must not allow use of iCloud backup.
V-54243 Medium Apple iOS must not allow the device unlock password to contain more than two sequential or repeating characters (e.g., 456, aaa).
V-54283 Medium Apple iOS must not allow managed applications to store data in iCloud.
V-54287 Medium Apple iOS must use SSL for Exchange Active Sync.
V-54309 Medium Apple iOS must lock the display after 15 minutes (or less) of inactivity.
V-54263 Medium Apple iOS must not display calendar information when the device is locked.
V-54261 Medium Apple iOS must not display notifications when the device is locked.
V-54303 Medium Apple iOS must employ mobile device management services to centrally manage security-relevant configuration and policy settings.
V-54267 Medium Apple iOS must not allow voice dialing when the device is locked.
V-54305 Medium Apple iOS must remove managed applications upon unenrollment from MDM.
V-54265 Medium Apple iOS must not allow use of Siri when the device is locked.
V-54307 Medium Apple iOS must not allow a user to remove iOS configuration profiles that enforce DoD security requirements.
V-54297 Low The Apple iOS app used to support the DoD notice and consent banner must display the DoD notice and consent banner exactly as specified at start-up device unlock.
V-54299 Low The Apple iOS app used to support the DoD notice and consent banner must retain the notice and consent banner on the screen until the user executes a positive action to manifest agreement by selecting a box indicating acceptance.
V-54257 Low Apple iOS must not allow diagnostic data to be sent to an organization other than DoD.
V-54259 Low Apple iOS must limit Ad Tracking.
V-54273 Low Apple iOS must not allow DoD applications to access non-DoD data.
V-54275 Low Apple iOS must not allow automatic completion of Safari browser passcodes.
V-54281 Low Apple iOS must not allow use of Handoff.
V-54285 Low Apple iOS must require the user to enter a password when connecting to an AirPlay-enabled device for the first time.
V-54239 Low Apple iOS must prohibit more than 10 consecutive failed authentication attempts.
V-54301 Low The Apple iOS app used to support the DoD notice and consent banner must either prevent access to a frequently used service or notify another device that acceptance of the user agreement has occurred.