Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-32700 | WIR-MOS-iOS-65-02 | SV-43046r1_rule | ECWN-1 | High |

Description |
---|
When dealing with access restrictions pertaining to change control, it should be noted that any changes to the hardware, software, and/or firmware components of the information system can potentially have significant effects on the overall security of the system. Mutual authentication ensures both that the device is authorized for provisioning and that a rogue provisioning server is not used to obtain software. |

STIG | Date |
---|---|
Apple iOS 6 Interim Security Configuration Guide (ISCG) | 2013-01-17 |

Check Text (C-41063r5_chk) |
---|
The link between iOS 6 and Apple meets this requirement for iOS updates from Apple. Review the software loading process between the mobile device and the provisioning server (MDM and/or MAM) to determine if it meets the necessary assurance for mutual authentication. Acceptable mutual authentication mechanisms may include PKI or shared-secret-based systems. A review of product documentation may be necessary. Mark as a finding if the trusted loading process does not meet the criteria. |

Fix Text (F-36598r2_fix) |
---|
Configure the mobile operating system to authenticate the provisioning server prior to accepting provisioned software. |