The browser must direct all traffic to a DoD Internet proxy gateway.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-24985 | WIR-MOS-iOS-005 | SV-30784r2_rule | ECSC-1 | Low |
| Description |
|---|
| When using the DoD Internet proxy for iOS device Internet connections, enclave Internet security controls will filter and monitor iOS device Internet connections and reduce the risk that malware could be downloaded on the mobile device. |
| STIG | Date |
|---|---|
| Apple iOS 5 Security Technical Implementation Guide (STIG) | 2012-07-20 |
Details
| Check Text ( C-31201r3_chk ) |
|---|
| There are two acceptable implementations for this requirement. 1. The device uses a mobile VPN to route all data traffic to the DoD enclave, which forces all browser traffic to the DoD Internet gateway. 2. The device browser is installed inside an iOS security container and the security container provides the capability to route all browser traffic to the MDM server where it will be routed to the DoD Internet gateway. Using a browser without a mobile VPN and installed outside the iOS device security container is not an approved implementation. Verify one of the approved browser implementations is used. Talk to the user and review 3-4 sample devices. Mark as a finding if a required browser is not used. |
| Fix Text (F-27626r3_fix) |
|---|
| Use a compliant browser implementation on the iOS device. |