Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
The mobile device must be set to lock the device after a set period of user inactivity.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-25010 | WIR-MOS-iOS-G-016 | SV-30795r3_rule | PESL-1 | Medium |
| Description |
|---|
| Sensitive DoD data could be compromised if the CMD does not automatically lock after 15 minutes of inactivity. |
| STIG | Date |
|---|---|
| Apple iOS 6 Security Technical Implementation Guide (STIG) | 2013-05-23 |
Details
| Check Text ( C-31213r7_chk ) |
|---|
| 1. Make a list of all iOS security policies listed on the MDM server that have been assigned to iOS devices and review each policy. 2. Select each security policy iOS devices are assigned to and, in turn, verify the required settings are in the policy. Verify that "Grace period" is checked and the sum of the "Auto-Lock" and "Grace period" values is 15 minutes or less. Acceptable combinations include a 15-minute "Auto-Lock" and an "Immediate" (or null) "Grace period", or a 5-minute "Auto-Lock" and a 5-minute "Grace period". On some MDM systems, the "Grace period" may be called "Passcode Lock" or a similar label. If the required rule is not set up on the MDM server, this is a finding. Note: If there is a finding, note the name of the policy in the Findings Details section in VMS/Component Provided Tracking Database. |
| Fix Text (F-27661r4_fix) |
|---|
| Enforce the CMD inactivity timeout requirement of 15 minutes or less through a combination of "Auto-Lock" and "Grace period" values that do not sum to greater than 15 minutes. |