
Apple iOS 12 Security Technical Implementation Guide


Overview

Date: 2018-11-28
Finding Count (42): CAT I (High): 2, CAT II (Med): 26, CAT III (Low): 14
STIG Description
This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DoD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil.




Findings (MAC III - Administrative Classified)

Finding ID Severity Title
V-81807 High Apple iOS must require a valid password be successfully entered before the mobile device data is unencrypted.
V-81823 High Apple iOS device must have the latest available iOS operating system installed.
V-81813 Medium Apple iOS must implement the management setting: Encrypt iTunes backups.
V-81819 Medium Apple iOS must implement the management setting: Disable Allow MailDrop.
V-81795 Medium Apple iOS must not allow non-DoD applications to access DoD data.
V-81789 Medium Apple iOS must not allow backup to remote systems (iCloud Photo Sharing, also known as Shared Photo Streams).
V-81783 Medium Apple iOS must not allow backup to remote systems (iCloud Keychain).
V-81833 Medium Apple iOS must implement the management setting: not share location data through iCloud.
V-81837 Medium Apple iOS users must complete required training.
V-81777 Medium Apple iOS must not allow backup of managed app data to locally connected systems.
V-81781 Medium Apple iOS must not allow backup to remote systems (iCloud document and data synchronization).
V-81791 Medium Apple iOS must not allow backup to remote systems (managed applications data stored in iCloud).
V-81787 Medium Apple iOS must not allow backup to remote systems (My Photo Stream).
V-81765 Medium Apple iOS must be configured to enforce an application installation policy by specifying one or more authorized application repositories, including [selection: Apple App Store].
V-81767 Medium Apple iOS must not include applications with the following characteristics: Siri when the device is locked.
V-81769 Medium Apple iOS must not include applications with the following characteristics: Voice dialing application if available when MD is locked.
V-81771 Medium Apple iOS must not display notifications when the device is locked.
V-81841 Medium Apple iOS must implement the management setting: enable USB Restricted Mode.
V-81759 Medium Apple iOS must be configured to lock the display after 15 minutes (or less) of inactivity.
V-81829 Medium Apple iOS must implement the management setting: Treat Airdrop as an unmanaged destination.
V-81799 Medium Apple iOS must implement the management setting: remove managed applications upon unenrollment from MDM (including sensitive and protected data).
V-81821 Medium Apple iOS must implement the management setting: Disable Allow Shared Albums.
V-81827 Medium Apple iOS must implement the management setting: not allow messages in an ActiveSync Exchange account to be forwarded or moved to other accounts in the Apple iOS Mail app.
V-81825 Medium Apple iOS must implement the management setting: use SSL for Exchange ActiveSync.
V-81839 Medium A managed photo app must be used to take and store work related photos.
V-81793 Medium Apple iOS must not allow backup to remote systems (enterprise books).
V-81773 Medium Apple iOS must not display notifications (calendar information) when the device is locked.
V-81779 Medium Apple iOS must not allow backup to remote systems (iCloud).
V-81811 Low Apple iOS must implement the management setting: not allow automatic completion of Safari browser passcodes.
V-81817 Low Apple iOS must implement the management setting: require the user to enter a password when connecting to an AirPlay-enabled device for the first time.
V-81815 Low Apple iOS must implement the management setting: not allow use of Handoff.
V-81931 Low Apple iOS must not allow managed apps to write contacts to unmanaged contacts accounts.
V-81933 Low Apple iOS must not allow unmanaged apps to read contacts from managed contacts accounts.
V-81831 Low Apple iOS must implement the management setting: not have any Family Members in Family Sharing.
V-81835 Low Apple iOS must implement the management setting: force Apple Watch wrist detection.
V-81761 Low Apple iOS must be configured to not allow more than 10 consecutive failed authentication attempts.
V-81763 Low If an unmanaged third-party VPN client is installed on the iOS device, it must not be configured with a DoD network (work) VPN profile.
V-81755 Low Apple iOS must be configured to enforce a minimum password length of six characters.
V-81809 Low Apple iOS must implement the management setting: limit Ad Tracking.
V-81775 Low Apple iOS must be configured to display the DoD advisory warning message at start-up or each time the user unlocks the device.
V-81757 Low Apple iOS must be configured to not allow passwords that include more than two repeating or sequential characters.
V-81797 Low Apple iOS must be configured to disable automatic transfer of diagnostic data to an external device other than an MDM service with which the device has enrolled.