
The mobile operating system PKI certificate store must encrypt contents using AES encryption.


Overview

Finding ID: V-32705
Version: WIR-MOS-iOS-65-07
Rule ID: SV-43051r1_rule
IA Controls: DCNR-1
Severity: Medium
Description
If an adversary can access the key store, it may be able to use the keys to perform a variety of unauthorized transactions. It may also be able to modify public keys in a way that tricks the operating system into accepting invalid certificates. Encrypting the key store protects the integrity and confidentiality of keys. AES encryption with adequate key lengths provides assurance that the protection is strong.
STIG: Apple iOS 6 Interim Security Configuration Guide (ISCG)
Date: 2013-01-17

Details

Check Text (C-41068r3_chk)
Review system documentation and operating system configuration to determine if the operating system uses AES encryption with 128-bit or longer keys to encrypt the contents of the key store. Mark as a finding if the key store is not encrypted or does not use AES encryption.

Note: iOS does not currently meet this requirement, but a third-party application could be used to meet it. Verify that one or more third-party applications (security container app, email app, etc.) that meet this requirement are in use.
Fix Text (F-36603r2_fix)
Configure the operating system to encrypt the contents of the key store with AES encryption using 128-bit or longer keys.