UCF STIG Viewer Logo

A “Restriction” policy must be manually added to each iOS device managed by the site during the provisioning/setup process.


Overview

Finding ID Version Rule ID IA Controls Severity
V-26753 WIR-iOS-008 SV-34001r1_rule ECWN-1 Medium
Description
The restriction policy will stop the capability of the user from accessing the Apple store and other unauthorized services, which could allow the download of malware or unapproved apps, before the ISCG policy has been installed on the device.
STIG Date
Apple iOS 4 (Good Mobility Suite) Interim Security Configuration Guide (ISCG) 2011-11-07

Details

Check Text ( C-34532r1_chk )
Check a sample of iOS devices managed by the site (3-4 devices).

-Have the site admin show that a restriction policy is on the device. Mark as a finding if no policy exists. Go to Settings > General > Restrictions.

-Have the site admin log into the restriction policy. Note if less than a four character passcode is used. Mark as a finding if the restriction passcode is less than four characters.

-Verify the following configuration settings have been set in the restriction policy:

-iTunes = OFF
-Installing Apps = OFF
-In-App Purchases = OFF
-Deleting Apps = OFF
-Multiplayer Games = OFF
-Adding Friends = OFF

Mark as a finding if any of these settings are not set as required.
Fix Text (F-30033r1_fix)
Set up the required Restriction policy on each site managed iOS device.