Apple iOS/iPadOS 18 must disable the use of voice assistant (Show user-generated content in Siri) unless required to meet Section 508 compliance requirements.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-276201 | AIOS-18-016200 | SV-276201r1115672_rule | CCI-000366 | low |
| Description | ||||
| The use of voice assistants could expose sensitive DOD data to cloud-based servers during the processing of assistant requests. SFR ID: FMT_MOF_EXT.1.2 #47 | ||||
| STIG | Date | |||
| Apple iOS/iPadOS 18 Security Technical Implementation Guide | 2025-06-30 | |||
Related Frameworks
4 paths across 3 frameworks
Related Frameworks
NIST 800-531 mapping
CM-6
1.00
- DISA · 1 · disa_xccdf · related
- DISA · 2025-01-23 · disa_cci_list · equivalent
NIST 800-1712 mappings
3.4.1
1.00
- DISA · 1 · disa_xccdf · related
- DISA · 2025-01-23 · disa_cci_list · equivalent
- NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
3.4.2
1.00
- DISA · 1 · disa_xccdf · related
- DISA · 2025-01-23 · disa_cci_list · equivalent
- NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
CCI1 mapping
CCI-000366
1.00
- DISA · 1 · disa_xccdf · related
Details
Check Text (C-276201r1115672_chk)
Review configuration settings to confirm Siri is disabled. Exception: Siri is allowed if used to meet Section 508 compliance requirements.
Note: This control may not be configurable by some MDM products when "Allow Siri" is disabled.
This is a supervised-only control. If the iPhone or iPad being reviewed is not supervised by the MDM, this control is automatically a finding.
If the iPhone or iPad being reviewed is supervised by the MDM, follow these procedures:
This check procedure is performed on both the device management tool and the iPhone and iPad device.
Note: If an organization has multiple configuration profiles, the check procedure must be performed on the relevant configuration profiles applicable to the scope of the review.
In the iOS/iPadOS management tool, verify "Show user-generated content in Siri" or "Allow Siri" is unchecked.
On the iPhone/iPad device:
1. Open the Settings app.
2. Tap "General".
3. Tap "VPN & Device Management".
4. Tap the Configuration Profile from the iOS management tool containing the restrictions policy.
5. Tap "Restrictions".
6. Verify "Show user-generated content in Siri not allowed" or "Siri not allowed" is listed.
If "Show user-generated content in Siri" is not disabled or Siri is not disabled in the management tool and on the Apple device, this is a finding.
Fix Text (F-80260r1115671_fix)
Install a configuration profile to disable "Show user-generated content in Siri" unless required to meet Section 508 compliance requirements. This is a supervised-only control.
Note: This control may not be configurable by some MDM products when "Allow Siri" is disabled.