The mobile operating system must provide mutual authentication between the provisioning server and the provisioned device during a trusted over-the-air (OTA) provisioning session.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-32700	WIR-MOS-iOS-65-02	SV-43046r1_rule	ECWN-1	High

Description
When dealing with access restrictions pertaining to change control, it should be noted that any changes to the hardware, software, and/or firmware components of the information system can potentially have significant effects on the overall security of the system. Mutual authentication ensures both that the device is authorized for provisioning and that a rogue provisioning server is not used to obtain software.

Description

When dealing with access restrictions pertaining to change control, it should be noted that any changes to the hardware, software, and/or firmware components of the information system can potentially have significant effects on the overall security of the system. Mutual authentication ensures both that the device is authorized for provisioning and that a rogue provisioning server is not used to obtain software.

STIG	Date
Apple iOS 5 Security Technical Implementation Guide (STIG)	2012-07-20

Details

Check Text ( C-41063r1_chk )
Review the loading process to determine if it meets the necessary assurance for mutual authentication. If the trusted loading process does not meet the criteria, this is a finding.

Fix Text (F-36598r1_fix)
Configure the operating system to authenticate the provisioning server prior to accepting provisioned software.