The mobile operating system must not permit a user to disable or modify the security policy or enforcement mechanisms on the device.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-32699 | WIR-MOS-iOS-65-01 | SV-43045r1_rule | ECWN-1 | High |
| Description |
|---|
| The integrity of the security policy and enforcement mechanisms is critical to the IA posture of the operating system. If a user can modify a device's security policy or enforcement mechanisms, then a wide range of subsequent attacks are possible, including unauthorized access to information and networks. Access controls that prevent a user from making modifications such as these mitigate the risk of operating system compromise. |
| STIG | Date |
|---|---|
| Apple iOS 6 Interim Security Configuration Guide (ISCG) | 2013-01-17 |
Details
| Check Text ( C-41062r5_chk ) |
|---|
| Apple iOS 6 meets this requirement if an MDM profile is used on the iOS device to manage the device security policy. Verify an MDM profile is installed on a sample of devices (3-4): Settings > General > Profiles Mark as a finding if the site does not use an MDM profile to manage the security policy on site managed iOS devices (it has already been verified that iOS 6 does not permit a user to modify the MDM profile). |
| Fix Text (F-36597r3_fix) |
|---|
| Use an MDM profile to manage the security policy on site managed iOS devices. |