If an unmanaged third-party VPN client is installed on the iOS/iPadOS device, it must not be configured with a DoD network (work) VPN profile.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-97427 | AIOS-13-000800 | SV-106531r1_rule | Low |
| Description |
|---|
| Access to the DoD network must be limited for unmanaged apps which are considered untrusted. SFR ID: FMT_SMF_EXT.1.1 #3 |
| STIG | Date |
|---|---|
| Apple iOS/iPadOS 13 Security Technical Implementation Guide | 2019-09-23 |
Details
| Check Text ( C-96263r1_chk ) |
|---|
| Review the list of unmanaged apps installed on the iPhone and iPad and determine if any third-party VPN clients are installed. If yes, verify the VPN app is not configured with a DoD network (work) VPN profile. This validation procedure is performed on the iOS device only. On the iPhone and iPad, do the following: 1. Open the Settings app. 2. Tap "General". 3. In the "VPN" line, determine if any "Personal VPN" exists. 4. If not, the requirement has been met. 5. If so, open each VPN app. Review the list of VPN profiles configured on the VPN client. 6. Verify there are no DoD network VPN profiles configured on the VPN client. If any third-party unmanaged VPN apps are installed (personal VPN) and have a DoD network VPN profile configured on the client, this is a finding. Note: This setting cannot be managed by the MDM administrator and is a User Based Enforcement (UBE) requirement. |
| Fix Text (F-103107r1_fix) |
|---|
| If a third-party unmanaged VPN app is installed on the iOS 12 device, do not configure the VPN app with a DoD network VPN profile. |