UCF STIG Viewer Logo

The Apple iOS app used to support the DoD notice and consent banner must retain the notice and consent banner on the screen until the user executes a positive action to manifest agreement by selecting a box indicating acceptance.


Overview

Finding ID Version Rule ID IA Controls Severity
V-54299 AIOS-06-080002 SV-68545r1_rule Low
Description
To ensure notice of and consent to the terms of the DoD standard user agreement, an iOS app must display a consent banner. Additionally, the app must prevent further activity in the application unless and until the user executes a positive action to manifest agreement, such as by tapping an acceptance button in the app. By preventing access to the system until the user accepts the conditions, legal requirements are met to protect the DoD and to remind users the device is designed and implemented for business use. Additional information is found in DoD Instruction 8500.01. SFR ID: FMT_SMF.1.1 #42
STIG Date
Apple iOS 8 Interim Security Configuration Guide 2014-09-16

Details

Check Text ( C-54935r1_chk )
This check procedure is performed on the iOS device only.

On the iOS device:
1. Ask the MDM administrator to identify the app used to fulfill the requirement.
2. Launch the app.
3. Verify the user must perform a positive action to manifest agreement to the notice and consent banner before being allowed to perform other actions within the app.

If the MDM administrator is unable to identify an app to fulfill the requirement, if there is no banner, or if the user is able to perform actions within the app without accepting the banner statement, this is a finding.
Fix Text (F-59153r1_fix)
Install an app that does not permit the user to perform functions in the app before accepting the notice and consent banner.