UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Apple iOS 10 Security Technical Implementation Guide


Overview

Date Finding Count (40)
2016-11-22 CAT I (High): 3 CAT II (Med): 26 CAT III (Low): 11
STIG Description
This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DoD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil.

Available Profiles



Findings (MAC III - Administrative Classified)

Finding ID Severity Title
V-71839 High Apple iOS must implement the management setting: Encrypt iTunes backups.
V-71779 High Apple iOS must require a valid password be successfully entered before the mobile device data is unencrypted.
V-71865 High Apple iOS device must have the latest available iOS operating system installed.
V-71791 Medium Apple iOS must not allow backup to remote systems (iCloud Photo Sharing, also known as Shared Photo Streams).
V-71799 Medium Apple iOS must not display notifications (calendar information) when the device is locked.
V-71773 Medium Apple iOS must lock the display after 15 minutes (or less) of inactivity.
V-71785 Medium Apple iOS must not allow backup to remote systems (iCloud document and data synchronization).
V-71787 Medium Apple iOS must not allow backup to remote systems (iCloud Keychain).
V-71783 Medium Apple iOS must not allow backup to remote systems (iCloud).
V-71789 Medium Apple iOS must not allow backup to remote systems (My Photo Stream).
V-71879 Medium Apple iOS must implement the management setting: not allow a user to remove Apple iOS configuration profiles that enforce DoD security requirements.
V-71877 Medium Apple iOS must implement the management setting: remove managed applications upon unenrollment from MDM.
V-71875 Medium Apple iOS must implement the management setting: not share location data through iCloud.
V-71803 Medium Apple iOS must not include applications with the following characteristics: Voice dialing application if available when MD is locked.
V-71873 Medium Apple iOS must implement the management setting: not have any Family Members in Family Sharing.
V-71857 Medium Apple iOS must implement the management setting: Disable Allow iCloud Photo Library.
V-71871 Medium Apple iOS must implement the management setting: Treat Airdrop as an unmanaged destination.
V-71869 Medium Apple iOS must implement the management setting: not allow messages in an ActiveSync Exchange account to be forwarded or moved to other accounts in the Apple iOS Mail app.
V-71867 Medium Apple iOS must implement the management setting: use SSL for Exchange ActiveSync.
V-71851 Medium Apple iOS must implement the management setting: Disable Allow MailDrop.
V-72331 Medium Apple iOS must be configured to wipe all sensitive DoD data (Controlled Unclassified Information (CUI)/For Official Use Only (FOUO)) and Personally Identifiable Information (PII) data during a remote wipe command from the MDM server.
V-71845 Medium Apple iOS must not allow backup to remote systems (managed applications data stored in iCloud).
V-71797 Medium Apple iOS must not display notifications when the device is locked.
V-71801 Medium Apple iOS must not include applications with the following characteristics: Siri when the device is locked.
V-71807 Medium Apple iOS must not allow non-DoD applications to access DoD data.
V-71805 Medium Apple iOS must be configured to disable Touch ID.
V-71883 Medium Apple iOS must wipe protected or sensitive data upon unenrollment from MDM.
V-71881 Medium Apple iOS must not allow backup to locally connected systems.
V-71887 Medium Apple iOS must enforce an application installation policy by specifying an application whitelist.
V-71777 Low Apple iOS must not allow more than 10 consecutive failed authentication attempts.
V-71781 Low Apple iOS must not allow passwords that include more than two repeating or sequential characters.
V-71793 Low Apple iOS must disable automatic transfer of diagnostic data to an external device other than an MDM service with which the device has enrolled.
V-71809 Low Apple iOS must implement the management setting: not allow automatic completion of Safari browser passcodes.
V-71795 Low Apple iOS must implement the management setting: limit Ad Tracking.
V-71843 Low Apple iOS must implement the management setting: not allow use of Handoff.
V-71847 Low Apple iOS must implement the management setting: require the user to enter a password when connecting to an AirPlay-enabled device for the first time.
V-71841 Low Apple iOS must not allow backup to remote systems (enterprise books).
V-71775 Low Apple iOS must enforce a minimum password length of six characters.
V-71885 Low Apple iOS must implement the management setting: force Apple Watch wrist detection.
V-71889 Low Before establishing a user session, Apple iOS must display an administrator-specified advisory notice and consent warning banner regarding use of the mobile operating system.