Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-43227 | AIOS-06-000002 | SV-55975r1_rule | Low |
Description |
---|
To ensure notice of and consent to the terms of the DoD standard user agreement, an iOS app must display a consent banner. Additionally, the app must prevent further activity in the application unless and until the user executes a positive action to manifest agreement, such as by tapping an acceptance button in the app. By preventing access to the system until the user accepts the conditions, legal requirements are met to protect the DoD and to remind users the device is designed and implemented for business use. Additional information is found in DoD Issuance DTM-08-60. |
STIG | Date |
---|---|
Apple iOS 7 STIG | 2014-01-30 |
Check Text ( C-49254r1_chk ) |
---|
This check procedure is performed on the iOS device only. On the iOS device: 1. Ask the MDM administrator to identify the app used to fulfill the requirement. 2. Launch the app. 3. Verify the user must perform a positive action to manifest agreement to the notice and consent banner before being allowed to perform other actions within the app. If the MDM administrator is unable to identify an app to fulfill the requirement, if there is no banner, or if user is able to perform actions within the app without accepting the banner statement, this is a finding. |
Fix Text (F-48814r1_fix) |
---|
Install an app that does not permit the user to perform functions in the app before accepting the notice and consent banner. |