Apple iOS must not allow diagnostic data to be sent to an organization other than DoD.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-54257	AIOS-02-080007	SV-68503r1_rule		Low

Description
The sending of diagnostic data back to the manufacturer is prohibited in the DoD. Sending this data to an organization other than DoD is termed a “phone-home” vulnerability. This setting may enable the device manufacturer to gather sensitive location data or other information about the user’s practices. This data will be sent to the manufacturer's servers and database. This data is stored at a location that has unauthorized employees accessing this data. By disabling this feature, the phone-home risk will be mitigated. SFR ID: FMT_SMF.1.1 #42

Description

The sending of diagnostic data back to the manufacturer is prohibited in the DoD. Sending this data to an organization other than DoD is termed a “phone-home” vulnerability. This setting may enable the device manufacturer to gather sensitive location data or other information about the user’s practices. This data will be sent to the manufacturer's servers and database. This data is stored at a location that has unauthorized employees accessing this data. By disabling this feature, the phone-home risk will be mitigated. SFR ID: FMT_SMF.1.1 #42

STIG	Date
Apple iOS 8 Interim Security Configuration Guide	2014-09-16

Details

Check Text ( C-54893r1_chk )
Review configuration settings to confirm “Allow sending diagnostic and usage data to Apple” is disabled. This check procedure is performed on both the iOS management tool and the iOS device. Note: If an organization has multiple configuration profiles, then the check procedure must be performed on the relevant configuration profiles applicable to the scope of the review. In the iOS management tool, verify "Allow sending diagnostic and usage data to Apple" is unchecked. Alternatively, verify the text "allowDiagnosticSubmission" appears in the configuration profile (.mobileconfig file). On the iOS device: 1. Open the Settings application. 2. Tap "Privacy". 3. Tap "Diagnostics & Usage". 4. Verify that "Don't Send" is checked. Note: This setting also disables "Share With App Developers". If "Allow sending diagnostic and usage data to Apple" is checked in the iOS management tool, "allowDiagnosticSubmission" appears in the configuration profile, or "Automatically Send" is checked on the iOS device, this is a finding.

Check Text ( C-54893r1_chk )

Review configuration settings to confirm “Allow sending diagnostic and usage data to Apple” is disabled.

This check procedure is performed on both the iOS management tool and the iOS device.

Note: If an organization has multiple configuration profiles, then the check procedure must be performed on the relevant configuration profiles applicable to the scope of the review.

In the iOS management tool, verify "Allow sending diagnostic and usage data to Apple" is unchecked.

Alternatively, verify the text "allowDiagnosticSubmission" appears in the configuration profile (.mobileconfig file).

On the iOS device:
1. Open the Settings application.
2. Tap "Privacy".
3. Tap "Diagnostics & Usage".
4. Verify that "Don't Send" is checked.
Note: This setting also disables "Share With App Developers".

If "Allow sending diagnostic and usage data to Apple" is checked in the iOS management tool, "allowDiagnosticSubmission" appears in the configuration profile, or "Automatically Send" is checked on the iOS device, this is a finding.

Fix Text (F-59111r1_fix)
Install a Configuration Profile to disable sending diagnostic data to an organization other than DoD.