The iOS device password complexity must be set to the required value.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-25008	WIR-MOS-iOS-G-012-01	SV-30790r2_rule	ECWN-1 IAIA-1	Low

Description
On iOS 6 devices, all sensitive DoD data must be placed in a security container for which there is separate authentication. Nevertheless, a device unlock password protects against unauthorized access to core applications such as the Phone app. Therefore, controls should be implemented to prohibit repeating, ascending, and descending character streams in the passcode. iOS provides a security mechanism to prevent users from choosing simple passcodes (e.g., 1111). Implementation of this control is an appropriate defense-in-depth measure to mitigate authorized use of the device.

Description

On iOS 6 devices, all sensitive DoD data must be placed in a security container for which there is separate authentication. Nevertheless, a device unlock password protects against unauthorized access to core applications such as the Phone app. Therefore, controls should be implemented to prohibit repeating, ascending, and descending character streams in the passcode. iOS provides a security mechanism to prevent users from choosing simple passcodes (e.g., 1111). Implementation of this control is an appropriate defense-in-depth measure to mitigate authorized use of the device.

STIG	Date
Apple iOS 6 Interim Security Configuration Guide (ISCG)	2013-01-17

Details

Check Text ( C-31208r4_chk )
1. Make a list of all iOS security policies listed on the MDM server that have been assigned to iOS devices and review each policy. 2. Select each security policy iOS devices are assigned to, and in turn, verify the required settings are in the policy. Verify “Allow simple value” is not checked Mark as a finding if the required rule is not set up on the MDM server. Note: If there is a finding, note the name of the policy in the Findings Details section in VMS/Component Provided Tracking Database.

Check Text ( C-31208r4_chk )

1. Make a list of all iOS security policies listed on the MDM server that have been assigned to iOS devices and review each policy.
2. Select each security policy iOS devices are assigned to, and in turn, verify the required settings are in the policy. Verify “Allow simple value” is not checked

Mark as a finding if the required rule is not set up on the MDM server.

Note: If there is a finding, note the name of the policy in the Findings Details section in VMS/Component Provided Tracking Database.

Fix Text (F-27658r4_fix)
Disable (uncheck) "Allow simple value" in the iOS policy on the MDM server.