When connecting an iOS device to a PC with iTunes, the user must not download an iOS software update, if prompted to do so by iTunes (User Based Enforcement (UBE)).
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-25021 | WIR-iOS-003 | SV-30777r1_rule | ECWN-1 | Medium |
| Description |
|---|
| The security posture of the iOS system depends on strict configuration management control of all software installed on the device, including operating system version. Otherwise, the security posture of the device, and the DoD enclave the device connects to, could be compromised. All iOS updates should be installed by the SA or under the control of the SA. |
| STIG | Date |
|---|---|
| Apple iOS 4 (Good Mobility Suite) Interim Security Configuration Guide (ISCG) | 2011-11-07 |
Details
| Check Text ( C-31221r1_chk ) |
|---|
| Talk to the SA and ask what is the latest version of the iOS that has been approved for use on site-managed devices. -On a sample of site-managed iOS devices (pick 3-4 random devices), verify the iOS version installed on site-managed devices is not later than the approved version. --Log into the iOS device. --Go to Settings > General > About > Version. |
| Fix Text (F-27692r1_fix) |
|---|
| The user will not download an iOS software update when prompted to do so by iTunes. |