UCF STIG Viewer Logo

Apple iOS 9 Interim Security Configuration Guide


Overview

Date Finding Count (39)
2015-12-07 CAT I (High): 3 CAT II (Med): 24 CAT III (Low): 12
STIG Description
This Interim Security Configuration Guide is published as a tool to improve the security of Department of Defense (DoD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via e-mail to the following address: disa.stig_spt@mail.mil.

Available Profiles



Findings (MAC II - Mission Support Sensitive)

Finding ID Severity Title
V-64709 High Apple iOS device must have the latest available iOS operating system installed.
V-61893 High Apple iOS must require a valid password be successfully entered before the mobile device data is unencrypted.
V-61923 High Apple iOS must implement the management setting: Encrypt iTunes backups.
V-61959 Medium Apple iOS must wipe protected or sensitive data upon unenrollment from MDM.
V-61957 Medium Apple iOS must not allow backup to locally connected systems.
V-61951 Medium Apple iOS must implement the management setting: remove managed applications upon unenrollment from MDM.
V-61953 Medium Apple iOS must implement the management setting: not allow a user to remove Apple iOS configuration profiles that enforce DoD security requirements.
V-61919 Medium Apple iOS must be configured to disable Touch ID.
V-61911 Medium Apple iOS must not display notifications when the device is locked.
V-64705 Medium Apple iOS must not allow non-DoD applications to access DoD data.
V-61935 Medium Apple iOS must implement the management setting: Disable Allow iCloud Photo Library.
V-61915 Medium Apple iOS must not include applications with the following characteristics: Siri when the device is locked.
V-61917 Medium Apple iOS must not include applications with the following characteristics: Voice dialing application if available when MD is locked.
V-61929 Medium Apple iOS must not allow backup to remote systems (managed applications data stored in iCloud)).
V-61897 Medium Apple iOS must not allow backup to remote systems (iCloud).
V-61939 Medium Apple iOS must implement the management setting: use SSL for Exchange Active Sync.
V-61567 Medium Apple iOS must lock the display after 15 minutes (or less) of inactivity.
V-61899 Medium Apple iOS must not allow backup to remote systems (iCloud document and data synchronization).
V-61905 Medium Apple iOS must not allow backup to remote systems (iCloud Photo Sharing (also known as Shared Photo Streams)).
V-61913 Medium Apple iOS must not display notifications (calendar information) when the device is locked.
V-61903 Medium Apple iOS must not allow backup to remote systems (My Photo Stream).
V-61901 Medium Apple iOS must not allow backup to remote systems (iCloud keychain).
V-61933 Medium Apple iOS must implement the management setting: Disable Allow MailDrop.
V-61941 Medium Apple iOS must implement the management setting: not allow messages in an Active Sync Exchange account to be forwarded or moved to other accounts in the Apple iOS Mail app.
V-61947 Medium Apple iOS must implement the management setting: not share location data through iCloud.
V-61945 Medium Apple iOS must implement the management setting: not have any Family Members in Family Sharing.
V-61943 Medium Apple iOS must implement the management setting: disable Airdrop.
V-61907 Low Apple iOS must disable automatic transfer of diagnostic data to an external device other than an MDM service with which the device has enrolled.
V-61889 Low Apple iOS must enforce a minimum password length of 6 characters.
V-61909 Low Apple iOS must implement the management setting: limit Ad Tracking.
V-61891 Low Apple iOS must not allow more than 10 consecutive failed authentication attempts.
V-61955 Low Apple iOS must enable VPN protection.
V-61895 Low Apple iOS must not allow passwords that include more than two repeating or sequential characters.
V-61961 Low Apple iOS must implement the management setting: force Apple Watch wrist detection.
V-61949 Low Apple iOS must not include applications with the following characteristics: payment processing (Apple Pay).
V-61931 Low Apple iOS must implement the management setting: require the user to enter a password when connecting to an AirPlay-enabled device for the first time.
V-61925 Low Apple iOS must not allow backup to remote systems (enterprise books).
V-61927 Low Apple iOS must implement the management setting: not allow use of Handoff.
V-61921 Low Apple iOS must implement the management setting: not allow automatic completion of Safari browser passcodes.