UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Only DoD PKI issued or DoD approved server authentication certificates must be installed on DoD mobile operating system devices.


Overview

Finding ID Version Rule ID IA Controls Severity
V-43208 AIOS-03-000001 SV-55956r1_rule Medium
Description
If unauthorized device authentication certificates are installed on the device, there is the potential that the device may connect to a rogue device or network. Rogue devices can mimic the behavior of authorized equipment to trick the user into providing authentication credentials, which could then in turn be used to compromise DoD information and networks. Restricting device authentication certificates to an authorized list mitigates the risk of attaching to rogue devices and networks.
STIG Date
Apple iOS 7 STIG 2014-01-30

Details

Check Text ( C-49235r1_chk )
This check procedure is performed on both the iOS Over-the-Air management tool and the iOS device.
Note: If an organization has multiple configuration profiles, then the check procedure must be performed on the relevant configuration profiles applicable to the scope of the review.

In the iOS Over-the-Air management tool, verify "Certificate Inventory" has only authorized certificates installed.
For example, in Mobile Iron Admin Portal:
1. Ask the MDM administrator to display the "USERS & DEVICES".
2. Click or tap on the word "Devices".
3. Click or tap the user.
4. Click or tap the "iOS" disclosure triangle under "Device Details".
5. Click or tap "Certificate Inventory".
6. Verify the certificates listed in the "Certificate Details" window are authorized.

On the iOS device:
1. Open Settings app.
2. Tap "General".
3. Tap "Profiles".
4. Review each "CONFIGURATION PROFILES". If only one profile is present on the device, it will appear automatically.
5. Tap "More Details".
6. Verify listed "CERTIFICATES" are authorized.

If any non DoD authorized certificates are present in the iOS Over-the-Air management tool or on the iOS device, this is a finding.
Fix Text (F-48795r1_fix)
Instruct the user of the iOS device to remove the unauthorized certificates.