UCF STIG Viewer Logo

Apple iOS Auto-Lock must be set.


Overview

Finding ID Version Rule ID IA Controls Severity
V-25017 WIR-MOS-iOS-G-014 SV-30793r3_rule PESL-1 Low
Description
The "Auto-lock" feature enforces an inactivity timeout when coupled with a password lock. Without an inactivity timeout, sensitive DoD data on the device could be easily disclosed to anyone who obtains physical possession of the device. The absence of auto-lock would also facilitate the ability of an adversary to install malware on the device. Finally, the "Auto Lock" feature mitigates the risk of denial of service from battery depletion because less power is needed to light the display when the device automatically locks.
STIG Date
Apple iOS6 Security Technical Implementation Guide 2014-10-07

Details

Check Text ( C-31211r7_chk )
1. Make a list of all iOS security policies listed on the MDM server that have been assigned to iOS devices and review each policy.
2. Select each security policy iOS devices are assigned to and, in turn, verify the required settings are in the policy. Verify "Auto-lock" is set to a value other than "Never".

If the required rule is not set up on the MDM server, this is a finding.

Note: If there is a finding, note the name of the policy in the Findings Details section in VMS/Component Provided Tracking Database.
Fix Text (F-27688r4_fix)
Set the CMD Auto-Lock to a value other than "Never". Five minutes or less is recommended.