UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The mobile operating system must not permit a user to disable or modify the security policy or enforcement mechanisms on the device.


Overview

Finding ID Version Rule ID IA Controls Severity
V-32699 WIR-MOS-iOS-65-01 SV-43045r1_rule ECWN-1 High
Description
The integrity of the security policy and enforcement mechanisms is critical to the IA posture of the operating system. If a user can modify a device's security policy or enforcement mechanisms, then a wide range of subsequent attacks are possible, including unauthorized access to information and networks. Access controls that prevent a user from making modifications such as these mitigate the risk of operating system compromise.
STIG Date
Apple iOS 5 Security Technical Implementation Guide (STIG) 2012-07-20

Details

Check Text ( C-41062r2_chk )
Review system documentation, operating system configuration, and other IA information resources to determine how the operating system prevents the user from modifying the security policy and related enforcement mechanisms. Items to look for include mandatory access controls, permissions on related operating system files, and authentication for super user access. Examine the operating system configuration. If it is easy to turn off security settings or stop security-related applications from running, this is a finding.

An alternate and acceptable approach is for the security container agent to wipe the container if it detects the security policy has been deleted, disabled, or modified.
Fix Text (F-36597r2_fix)
Configure the operating system to prohibit a user from disabling or modifying the security policy or enforcement mechanisms on the device or to wipe the security container if detects the security policy has been deleted, disabled, or modified.