Mobile devices must have the required operating system software version installed.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-25003	WIR-MOS-iOS-030-01	SV-34937r3_rule	ECWN-1	Medium

Description
Unapproved OS versions do not support required security features.

STIG	Date
Apple iOS6 Security Technical Implementation Guide	2014-10-07

Details

Check Text ( C-31332r6_chk )
1. Make a list of all iOS security policies listed on the MDM server that have been assigned to iOS devices and review each policy. 2. Select each security policy iOS devices are assigned to, and in turn, verify the required settings are in the policy. Verify a compliance rule has been set up defining iOS 6 or later as approved versions. Mark as a finding if the required compliance rule is not set up on the MDM server. Note: If there is a finding, note the name of the policy in the Findings Details section in VMS/Component Provided Tracking Database. If the Good Technology MDM server is used, complete the following: -Launch the MDM console and click on the Policies tab. -Select the iOS security policy. -Verify a compliance rule has been set up defining iOS 6 or later versions. -Launch the Good Mobile Control Web console and click on the Policies tab. -Select a policy set to review and click on the policy. -On the left tab, select Compliance Manager. -Verify “OS Version Verification” rule is listed. (Note that the rule title does not have to be exact.) -Open the rule by checking the box next to the rule and then click on Edit. -Verify the following are set. Platform: iPhone Check to Run: OS Version Verification Conditions: 6.0 or later Failure Action: “Quit Good for Enterprise” Check Every: “6 hours” Check: “Permit newer (previously unknown) OS versions”

Check Text ( C-31332r6_chk )

1. Make a list of all iOS security policies listed on the MDM server that have been assigned to iOS devices and review each policy.
2. Select each security policy iOS devices are assigned to, and in turn, verify the required settings are in the policy. Verify a compliance rule has been set up defining iOS 6 or later as approved versions.

Mark as a finding if the required compliance rule is not set up on the MDM server.

Note: If there is a finding, note the name of the policy in the Findings Details section in VMS/Component Provided Tracking Database.
If the Good Technology MDM server is used, complete the following:
-Launch the MDM console and click on the Policies tab.
-Select the iOS security policy.
-Verify a compliance rule has been set up defining iOS 6 or later versions.
-Launch the Good Mobile Control Web console and click on the Policies tab.
-Select a policy set to review and click on the policy.
-On the left tab, select Compliance Manager.
-Verify “OS Version Verification” rule is listed. (Note that the rule title does not have to be exact.)
-Open the rule by checking the box next to the rule and then click on Edit.
-Verify the following are set.
Platform: iPhone
Check to Run: OS Version Verification
Conditions: 6.0 or later
Failure Action: “Quit Good for Enterprise”
Check Every: “6 hours”
Check: “Permit newer (previously unknown) OS versions”

Fix Text (F-27651r3_fix)
Install the required OS version.