Apple iOS/iPadOS 14 Security Technical Implementation Guide


Overview

Date: 2021-05-25
Finding Count (53): CAT I (High): 2, CAT II (Med): 38, CAT III (Low): 13
STIG Description
This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DoD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil.

Findings (MAC I - Mission Critical Public)

Finding ID Severity Title
V-228758 High iPhone and iPad must have the latest available iOS/iPadOS operating system installed.
V-228750 High Apple iOS/iPadOS must require a valid password be successfully entered before the mobile device data is unencrypted.
V-228766 Medium A managed photo app must be used to take and store work-related photos.
V-228732 Medium The mobile operating system must be configured to not allow more than ten consecutive failed authentication attempts.
V-244559 Medium Apple iOS/iPadOS must implement the management setting: remove managed applications upon unenrollment from MDM (including sensitive and protected data).
V-228738 Medium Apple iOS/iPadOS must not display notifications (calendar information) when the device is locked.
V-228763 Medium Apple iOS/iPadOS must implement the management setting: not share location data through iCloud.
V-228760 Medium Apple iOS/iPadOS must implement the management setting: not allow messages in an ActiveSync Exchange account to be forwarded or moved to other accounts in the Apple iOS/iPadOS Mail app.
V-228761 Medium Apple iOS/iPadOS must implement the management setting: Treat AirDrop as an unmanaged destination.
V-228748 Medium Apple iOS/iPadOS must not allow non-DoD applications to access DoD data.
V-228767 Medium Apple iOS/iPadOS must implement the management setting: enable USB Restricted Mode.
V-228765 Medium Apple iOS/iPadOS users must complete required training.
V-228744 Medium Apple iOS/iPadOS must not allow backup to remote systems (My Photo Stream).
V-228745 Medium Apple iOS/iPadOS must not allow backup to remote systems (iCloud Photo Sharing, also known as Shared Photo Streams).
V-228747 Medium Apple iOS/iPadOS must not allow backup to remote systems (enterprise books).
V-228740 Medium The mobile operating system must be configured to not allow backup of [all applications, configuration data] to locally connected systems.
V-228741 Medium Apple iOS/iPadOS must not allow backup to remote systems (iCloud).
V-228742 Medium Apple iOS/iPadOS must not allow backup to remote systems (iCloud document and data synchronization).
V-228743 Medium Apple iOS/iPadOS must not allow backup to remote systems (iCloud Keychain).
V-228735 Medium Apple iOS/iPadOS must not include applications with the following characteristics: access to Siri when the device is locked.
V-228759 Medium Apple iOS/iPadOS must implement the management setting: use SSL for Exchange ActiveSync.
V-228729 Medium The mobile operating system must be configured to enforce a minimum password length of six characters.
V-228731 Medium The mobile operating system must be configured to enable a screen-lock policy that will lock the display after a period of inactivity.
V-228730 Medium The mobile operating system must be configured to not allow passwords that include more than two repeating or sequential characters.
V-228780 Medium Apple iOS must implement the management setting: not allow a user to remove Apple iOS configuration profiles that enforce DoD security requirements.
V-228781 Medium Apple iOS/iPadOS must disable [Allow network drive access in Files access].
V-228746 Medium Apple iOS/iPadOS must not allow backup to remote systems (managed applications data stored in iCloud).
V-228734 Medium The mobile operating system must be configured to enforce an application installation policy by specifying one or more authorized application repositories, including [selection: DoD-approved commercial app repository, MDM server, mobile application store].
V-228753 Medium Apple iOS/iPadOS must implement the management setting: Encrypt iTunes backups/Encrypt local backup.
V-228775 Medium Apple iOS/iPadOS must disable password sharing.
V-228774 Medium Apple iOS/iPadOS must disable password proximity requests.
V-228777 Medium The Apple iOS/iPadOS must be supervised by the MDM.
V-228771 Medium Apple iOS/iPadOS must implement the management setting: disable paired Apple Watch.
V-228773 Medium Apple iOS/iPadOS must disable allow setting up new nearby devices.
V-228772 Medium Apple iOS/iPadOS must disable Password AutoFill in browsers and applications.
V-228757 Medium Apple iOS/iPadOS must implement the management setting: Disable Allow Shared Albums.
V-228756 Medium Apple iOS/iPadOS must implement the management setting: Disable Allow MailDrop.
V-228778 Medium Apple iOS/iPadOS must disable "Allow USB drive access in Files app" if the AO has not approved the use of DoD-approved USB storage drives with iOS/iPadOS devices.
V-228737 Medium The mobile operating system must be configured to not display notifications when the device is locked.
V-228736 Medium The mobile operating system whitelist must be configured to not include applications with the following characteristics: voice dialing application if available when MD is locked.
V-228733 Low The mobile operating system must provide the capability for the Administrator (MDM) to perform the following management function: enable/disable VPN protection across the device and [selection: other methods].
V-228751 Low Apple iOS/iPadOS must implement the management setting: limit Ad Tracking.
V-228739 Low The mobile operating system must be configured to display the DoD advisory warning message at start-up or each time the user unlocks the device.
V-228762 Low Apple iOS/iPadOS must implement the management setting: not have any Family Members in Family Sharing.
V-228764 Low Apple iOS/iPadOS must implement the management setting: force Apple Watch wrist detection.
V-228768 Low Apple iOS/iPadOS must not allow managed apps to write contacts to unmanaged contacts accounts.
V-228769 Low Apple iOS/iPadOS must not allow unmanaged apps to read contacts from managed contacts accounts.
V-228752 Low Apple iOS/iPadOS must implement the management setting: not allow automatic completion of Safari browser passcodes.
V-228776 Low Apple iOS/iPadOS must disable Find My Friends in the Find My app.
V-228770 Low Apple iOS/iPadOS must implement the management setting: disable AirDrop.
V-228755 Low Apple iOS/iPadOS must implement the management setting: require the user to enter a password when connecting to an AirPlay-enabled device for the first time.
V-228754 Low Apple iOS/iPadOS must implement the management setting: not allow use of Handoff.
V-228779 Low Apple iOS must be configured to disable automatic transfer of diagnostic data to an external device other than an MDM service with which the device has enrolled.