UCF STIG Viewer Logo

The mobile device must be set to lock the device after a set period of user inactivity.


Finding ID Version Rule ID IA Controls Severity
V-25010 WIR-MOS-iOS-G-016 SV-30795r3_rule PESL-1 Medium
Sensitive DoD data could be compromised if the CMD does not automatically lock after 15 minutes of inactivity.
Apple iOS 6 Security Technical Implementation Guide (STIG) 2013-05-23


Check Text ( C-31213r7_chk )
1. Make a list of all iOS security policies listed on the MDM server that have been assigned to iOS devices and review each policy.
2. Select each security policy iOS devices are assigned to and, in turn, verify the required settings are in the policy. Verify that "Grace period" is checked and the sum of the "Auto-Lock" and "Grace period" values is 15 minutes or less. Acceptable combinations include a 15-minute "Auto-Lock" and an "Immediate" (or null) "Grace period", or a 5-minute "Auto-Lock" and a 5-minute "Grace period". On some MDM systems, the "Grace period" may be called "Passcode Lock" or a similar label.

If the required rule is not set up on the MDM server, this is a finding.

Note: If there is a finding, note the name of the policy in the Findings Details section in VMS/Component Provided Tracking Database.
Fix Text (F-27661r4_fix)
Enforce the CMD inactivity timeout requirement of 15 minutes or less through a combination of "Auto-Lock" and "Grace period" values that do not sum to greater than 15 minutes.