Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-25051 | WIR-MOS-iOS-042 | SV-34932r1_rule | ECWN-1 | Low |
Description |
---|
Smartphone location services allow applications to gather information about the location of the handheld device and possibly forward it to servers located on the Internet. This is an operational security issue for DoD smartphones devices. |
STIG | Date |
---|---|
Apple iOS 4 (Good Mobility Suite) Interim Security Configuration Guide (ISCG) | 2011-11-07 |
Check Text ( C-31304r1_chk ) |
---|
Location based services is a User Based Enforcement (UBE) service. On a sample of 3-4 devices managed by the site, verify iOS Location Services is disabled for all applications unless the site has a letter/memo stating the DAA or the Command Application Configuration Control Board (CCB) has approved location-based services for specific applications (e.g., Google Maps, Camera, etc.). Go to Settings > General > Location Services. Verify the service is off for all applications or off for unapproved applications. Mark as a finding if configuration is not set as required. |
Fix Text (F-27774r1_fix) |
---|
Turn off location during device provisioning and users will not enable the service unless approved for use. |