UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Location services must be turned off unless authorized for use for particular applications, in which case, location services must only be available to the authorized applications.


Overview

Finding ID Version Rule ID IA Controls Severity
V-25051 WIR-MOS-iOS-042 SV-34932r2_rule ECWN-1 Low
Description
Mobile device location services allow applications to gather information about the location of the handheld device and possibly forward it to servers located on the Internet. This is an operational security issue for DoD mobile devices.
STIG Date
Apple iOS 6 Security Technical Implementation Guide (STIG) 2013-05-23

Details

Check Text ( C-31304r3_chk )
Location based services is a User Based Enforcement (UBE) service.

On a sample of 3-4 devices managed by the site, verify iOS Location Services is disabled for all applications unless the site has a letter/memo stating the DAA or the Command Application Configuration Control Board (CCB) has approved location-based services for specific applications (e.g., Google Maps, Camera, etc.).

Go to Settings > Privacy > Location Services. Verify the service is off for all applications or off for unapproved applications.

Mark as a finding if any application not authorized for location services has location services turned on.
Fix Text (F-27774r2_fix)
Turn off location services during device provisioning and users will not enable the service unless approved for use.