|Finding ID||Version||Rule ID||IA Controls||Severity|
|When a user is allowed to use AirPlay without a password, there is the potential that it may mistakenly associate the iOS device with an AirPlay-enabled device other than the one intended (i.e., by choosing the wrong one from the AirPlay list displayed). This creates the potential that someone in control of a mistakenly-associated device may obtain DoD-sensitive information without authorization. Requiring a password before such an association mitigates this risk. Passwords do not require any administration, nor must they comply with any complexity requirements. SFR ID: FMT_SMF.1.1 #42|
|Apple iOS 8 Interim Security Configuration Guide||2014-09-16|
|Check Text ( C-54921r3_chk )|
| Review configuration settings to confirm “Require passcode on first AirPlay pairing" is enabled. |
This check procedure is performed on both the iOS management tool and the iOS device.
Note: If an organization has multiple configuration profiles, then the check procedure must be performed on the relevant configuration profiles applicable to the scope of the review.
In the iOS management tool, verify “Require passcode on first AirPlay pairing" is checked.
Alternatively, verify the text
appears in the configuration profile (.mobileconfig file).
On the iOS device:
1. Open the Settings app.
2. Tap "General".
3. Tap "Profiles" or "Profiles & Device Management" or "Device Management".
4. Tap the Configuration Profile from the iOS management tool containing the restrictions policy.
5. Tap "Restrictions".
6. Verify "AirPlay outgoing requests pairing password enforced" is listed.
If "Require passcode on first AirPlay pairing" is unchecked in the iOS management tool, "
|Fix Text (F-59139r1_fix)|
|Install a Configuration Profile to require the user to enter a password when connecting to an AirPlay-enabled device for the first time.|