Apple iOS must not store any payment data in Apple Pay.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-54313	AIOS-05-080104	SV-68559r1_rule		Medium

Description
Apple Pay is a mobile payment technology that enables users to make purchases with their iOS devices, provided that the vendor supports the required Near Field Communications (NFC) interface to Apple Pay. If the payment system is vulnerable to breach, a user's charge cards may be used for unauthorized payments, including charges to government-issued cards. Disabling or avoiding use of Apple Pay mitigates this risk. SFR ID: FMT_SMF.1.1 #42

Description

Apple Pay is a mobile payment technology that enables users to make purchases with their iOS devices, provided that the vendor supports the required Near Field Communications (NFC) interface to Apple Pay. If the payment system is vulnerable to breach, a user's charge cards may be used for unauthorized payments, including charges to government-issued cards. Disabling or avoiding use of Apple Pay mitigates this risk. SFR ID: FMT_SMF.1.1 #42

STIG	Date
Apple iOS 8 Interim Security Configuration Guide	2014-09-16

Details

Check Text ( C-54949r1_chk )
Review configuration settings to confirm that Apple Pay is disabled or not in use. Note: This check procedure is not applicable on iOS devices that do not support Apple Pay. As of the publication of this ISCG, iPhone 6 and iPhone 6 Plus are the only iOS devices that support Apple Pay. If there is a mechanism for disabling Apple Pay, verify Apple Pay is disabled. Potential mechanisms to disable Apple Pay include disabling the NFC radio or disabling the Apple Pay service. The settings for these features are expected to be found in the Settings app. If there is not a mechanism to disable Apple Pay, verify that no payment information (e.g., a charge card) is associated with Apple Pay. The configuration of Apple Pay is expected to be found either in a App associated with Apple Pay or in the Settings app. If there is any payment information configured for Apple pay, this is a finding.

Check Text ( C-54949r1_chk )

Review configuration settings to confirm that Apple Pay is disabled or not in use.

Note: This check procedure is not applicable on iOS devices that do not support Apple Pay. As of the publication of this ISCG, iPhone 6 and iPhone 6 Plus are the only iOS devices that support Apple Pay.

If there is a mechanism for disabling Apple Pay, verify Apple Pay is disabled. Potential mechanisms to disable Apple Pay include disabling the NFC radio or disabling the Apple Pay service. The settings for these features are expected to be found in the Settings app.

If there is not a mechanism to disable Apple Pay, verify that no payment information (e.g., a charge card) is associated with Apple Pay. The configuration of Apple Pay is expected to be found either in a App associated with Apple Pay or in the Settings app.

If there is any payment information configured for Apple pay, this is a finding.

Fix Text (F-59167r1_fix)
The user must remove payment information from Apple Pay or disable the feature.