Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
The iOS device iMessage service must be set to Off at all times (User Based Enforcement (UBE)).
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-35006 | WIR-MOS-iOS-70-06 | SV-46252r1_rule | ECWN-1 | Low |
| Description |
|---|
| iOS iMessage service provides the potential for the exposure of private and possibly sensitive DoD information. When a DoD iOS device is transferred to a new user or disposed of, the device may still receive iMessages sent to the previous DoD user. iMessage phone numbers on a specific iOS device can persist after a SIM has been removed from the phone. For example, SIM A is placed in phone, activated on iMessage, and then swapped out for SIM B. That phone will receive iMessages bound for the phone numbers on both SIM A and B until the iMessage service on the phone has been turned off and then back on again. This vulnerability exists for GSM devices but not for CDMA devices. When the original device user receives messages via their iMessage account, the message will be displayed on their old iOS device. The wipe procedure for the iOS device must include specific procedures (outlined in the STIG Overview) to mitigate this risk. |
| STIG | Date |
|---|---|
| Apple iOS 6 Interim Security Configuration Guide (ISCG) | 2013-01-17 |
Details
| Check Text ( C-43430r1_chk ) |
|---|
| On a sample of site-managed iOS devices (pick 3-4 random devices), have the user turn on and log into the device. -Go to Settings > Messages > iMessage. -Check the setting of "iMessage". Verify "iMessage" is set to off (not selected). Mark as a finding if "iMessage" is not set to off. |
| Fix Text (F-39560r1_fix) |
|---|
| Set "iMessage" to "Off". |