UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Apple iOS must be configured to wipe all sensitive DoD data (Controlled Unclassified Information (CUI)/For Official Use Only (FOUO)) and Personally Identifiable Information (PII) data during a remote wipe command from the MDM server.


Overview

Finding ID Version Rule ID IA Controls Severity
V-72331 AIOS-01-100100 SV-86955r1_rule Medium
Description
DoD sensitive data (CUI/FOUO) or PII data downloaded from DoD web sites via Safari will be saved by default in a non-managed app on a DoD iOS device. If the device is wiped via an MDM Enterprise remote wipe command, data saved in non-managed apps will not be deleted and may be accessible to unauthorized people that have access to the MDM-wiped device. If the device is wiped via a Full Device MDM remote wipe command, all data on the device, including managed and unmanaged, will be deleted, but a Full Device wipe may not be appropriate for devices that have been authorized for personal use and have personal data stored on them or are BYOD devices. The risk in not using a Full Device wipe can be mitigated if a Managed Domain Configuration profile is installed on all managed iOS devices that contains a list of all DoD web domains that may have sensitive DoD data (CUI/FOUO) and PII data (primarily DoD web domains that require DoD PKI authentication credentials to access the web site). SFR ID: FMT_SMF_EXT.1.1 #9, 19, 28, 45g
STIG Date
Apple iOS 10 Security Technical Implementation Guide 2017-02-14

Details

Check Text ( C-72565r2_chk )
Review configuration settings to confirm Apple iOS is configured to wipe all sensitive DoD data and PII data during a remote wipe command from the MDM server. There are two possible implementations (policy or technical) for meeting this requirement. Interview the site MDM system administrator to determine which approach is being used at the site and follow the appropriate procedure for verifying compliance:

Method #1: Policy:
Verify the MDM system administrators are trained to always use a Full Device wipe when using a remote wipe command on managed iOS devices. Check system administrator training material and training records to verify compliance. Verify the site MDM administration policy includes an instruction that only a Full Device wipe command will be used when using a remote wipe command on managed iOS devices.

If MDM system administrators are not trained to always use a Full Device wipe when using a remote wipe command on managed iOS devices or the site MDM administration policy does not include an instruction that only a Full Device wipe commands will be used when using a remote wipe command on managed iOS devices, this is a finding.

Method #2: Technical
This verification procedure is performed on both the Apple iOS management tool and the Apple iOS device.

On the MDM management tool (MDM), do the following:
1. Verify a Managed Domain Configuration profile is set up on the iOS management tool.
2. Open the profile and verify it contains the current list of DoD web domains that may have sensitive DoD data (CUI/FOUO) and PII data by verifying the list was obtained from the DoD Network Information Center (NIC).

On several site managed iOS devices, do the following:
1. Have the user unlock the iOS device
2. Go to Settings >> General >> Device Management
3. Verify a Managed Domain Configuration profile is installed on the device

If the Apple iOS management tool does not have a Managed Domain Configuration profile installed or the profile does not contain a DoD NIC provided list of DoD web domains or any site managed iOS device reviewed does not have a Managed Domain Configuration profile installed, this is a finding.
Fix Text (F-78685r3_fix)
One of the following two procedures will be implemented to configure Apple iOS to wipe all sensitive DoD data and PII data during a remote wipe command from the MDM server:

1. Policy method: Implement an MDM site policy that only full device remote wipe commands will be used on managed mobile devices. Enterprise wipe commands will not be used. This policy will be documented in the site MDM management policy and in system administrator training and all MDM system administrators will be trained on this requirement.

2. Technical method: MDM site will install a Managed Domain Configuration profile on all managed iOS devices. See the profile provided in the iOS 10 package. The profile will contain a list of all DoD web domains that may have sensitive DoD data (CUI/FOUO) and PII data (primarily DoD web domains that require DoD PKI authentication credentials to access the web site).

Note: *.mil can be used instead of listing all DoD web domains.