Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-32705 | WIR-MOS-iOS-65-07 | SV-43051r1_rule | DCNR-1 | Medium |
Description |
---|
If an adversary can access the key store, it may be able to use the keys to perform a variety of unauthorized transactions. It may also be able to modify public keys in a way that it can trick the operating system into accepting invalid certificates. Encrypting the key store protects the integrity and confidentiality of keys. AES encryption with adequate key lengths provides assurance that the protection is strong. |
STIG | Date |
---|---|
Apple iOS 6 Interim Security Configuration Guide (ISCG) | 2013-01-17 |
Check Text ( C-41068r3_chk ) |
---|
Review system documentation and operating system configuration to determine if the operating system uses AES encryption with 128-bit or longer keys to encrypt the contents of the key store. Mark as a finding if the key store is not encrypted or does not use AES encryption. Note: iOS does not currently meet this requirement but a third-party application could be used to meet the requirement. Verify one or more third-party applications (security container app, email app, etc.) are used that meet this requirement. |
Fix Text (F-36603r2_fix) |
---|
Configure the operating system to encrypt the contents of the key store with AES encryption using 128-bit or longer keys. |