UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The Apple iOS app used to support the DoD notice and consent banner must either prevent access to a frequently used service or notify another device that acceptance of the user agreement has occurred.


Overview

Finding ID Version Rule ID IA Controls Severity
V-54301 AIOS-06-080003 SV-68547r1_rule Low
Description
If a user is able to deny either that he or she has used the app or that he or she provided the requisite consent within the app, then the app will not properly support the investigative and prosecutorial purposes of notice and consent. Without notice and consent, a user may be able to thwart otherwise authorized searches and seizures of the device. If the app is tied to a frequently used service, then use of that service indicates that the consent message has been accepted. If the app is not tied to a frequently used service, then it must notify an external device of consent transactions to enable DoD to determine which users have not periodically accepted the consent statement. Additional information is found in DoD Instruction 8500.01. SFR ID: FMT_SMF.1.1 #42
STIG Date
Apple iOS 8 Interim Security Configuration Guide 2014-09-16

Details

Check Text ( C-54937r2_chk )
This check procedure is performed on the iOS device only.

On the iOS device:
1. Ask the MDM administrator to identify the app used to fulfill the requirement.
2. Launch the app.
3. Determine whether the app is a frequently used app, such as an email client, that a user would be expected to use on a daily or nearly daily basis. If the app is a frequently used app, this is acceptable evidence that the user is acknowledging acceptance of the user agreement on a regular basis.
4. If the app is not a frequently used app, determine whether the app provides notification to an external device when the user acknowledges the notice and consent banner. In this case, the reviewer will need to work with the MDM administrator to determine how the app functions and to where it sends records of acceptance transactions.

If the MDM administrator is unable to identify an app to fulfill the requirement, if there is no banner, or if the app does not generate evidence that the user is acknowledging acceptance of the user agreement, this is a finding.
Fix Text (F-59155r1_fix)
Install an app that provides assurance that the user cannot deny having accepted the notice and consent banner.