Apple iOS must not include applications with the following characteristics: payment processing (Apple Pay).
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-61949 | AIOS-05-080104 | SV-76439r2_rule | Low |
| Description |
|---|
| Apple Pay is a mobile payment technology that enables users to make purchases with their Apple iOS devices, provided that the vendor supports the required Near Field Communications (NFC) interface to Apple Pay. If the payment system is vulnerable to breach, a user's charge cards may be used for unauthorized payments, including charges to government-issued cards. Disabling or avoiding use of Apple Pay mitigates this risk. The use of a GFE mobile device as a personal payment system is not authorized. SFR ID: FMT_SMF_EXT.1.1 #45 |
| STIG | Date |
|---|---|
| Apple iOS 9 Interim Security Configuration Guide | 2015-12-07 |
Details
| Check Text ( C-62831r1_chk ) |
|---|
| Review configuration settings to confirm that Apple Pay is not in use. It is not possible to disable Apple Pay. Note: This check procedure is only applicable on Apple iOS devices that support Apple Pay (iPhone 6 and 6 Plus) and can only be verified on the mobile device. Verify that no payment information (e.g., a charge card) is associated with Apple Pay: 1. Open the Settings app. 2. Tap on "Wallet & Apple Pay". 3. Verify there is no payment information listed. If there is any payment information configured for Apple pay, this is a finding. |
| Fix Text (F-67867r1_fix) |
|---|
| The user must remove payment information from Apple Pay. |