Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-43234 | AIOS-06-000003 | SV-55982r1_rule | | Medium |
Description |
---|
If a user is able to deny either that he or she has used the app or that he or she provided the requisite consent within the app, then the app will not properly support the investigative and prosecutorial purposes of notice and consent. Without notice and consent, a user may be able to thwart otherwise authorized searches and seizures of the device. If the app is tied to a frequently used service, then use of that service indicates that the consent message has been accepted. If the app is not tied to a frequently used service, then it must notify an external device of consent transactions to enable DoD to determine which users have not periodically accepted the consent statement. Additional information is found in DoD Issuance DTM-08-60. |
STIG | Date |
---|---|
Apple iOS 7 STIG | 2014-01-30 |
Check Text (C-49261r1_chk) |
---|
This check procedure is performed on the iOS device only. On the iOS device: 1. Ask the MDM administrator to identify the app used to fulfill the requirement. 2. Launch the app. 3. Determine whether the app is a frequently used app, such as an email client, that a user would be expected to use on a daily or nearly daily basis. If the app is a frequently used app, this is acceptable evidence that the user is acknowledging acceptance of the user agreement on a regular basis. 4. If the app is not a frequently used app, determine whether the app provides notification to an external device when the user acknowledges the notice and consent banner. In this case, the reviewer will need to work with the MDM administrator to determine how the app functions and to where it sends records of acceptance transactions. If the MDM administrator is unable to identify an app to fulfill the requirement, if there is no banner, or if the app does not generate evidence that the user is acknowledging acceptance of the user agreement, this is a finding. |
Fix Text (F-48821r1_fix) |
---|
Install an app that provides assurance that the user cannot deny having accepted the notice and consent banner. |