UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The iOS/iPadOS 17 BYOAD must be configured to either disable access to DOD data, IT systems, and user accounts or wipe managed data and apps if the EMM system detects native security controls are disabled.


Overview

Finding ID Version Rule ID IA Controls Severity
V-259748 AIOS-17-800080 SV-259748r943569_rule Medium
Description
Examples of indicators that the native device security controls have been disabled include jailbroken or rooted devices. When a BYOAD is out of compliance, DOD data and apps must be removed to protect against compromise of sensitive DOD information. Note: The site should review DOD and local data retention policies before wiping the work profile of a BYOAD device. Reference: DOD policy "Use of Non-Government Mobile Devices". 3.b.(4), 3.b.(5)i. SFR ID: FMT_SMF_EXT.1.1 #47
STIG Date
Apple iOS/iPadOS 17 BYOAD Security Technical Implementation Guide 2024-01-31

Details

Check Text ( C-63484r943567_chk )
Verify the EMM has been configured to either disable access to DOD data, IT systems, and user accounts on the iOS/iPadOS 17 BYOAD or wipe managed data and apps if it has been detected that native BYOAD security controls are disabled (e.g., jailbroken/rooted).

When managed data and apps are wiped, all managed data and files in the Files app must be wiped as well. The exact procedure will depend on the EMM system used at the site.

If the EMM has not been configured to either disable access to DOD data, IT systems, and user accounts on the iOS/iPadOS 17 BYOAD or wipe managed data and apps if it has been detected that native BYOAD security controls are disabled, this is a finding.
Fix Text (F-63391r943568_fix)
Configure the EMM to either disable access to DOD data, IT systems, and user accounts on the iOS/iPadOS 17 BYOAD or wipe managed data and apps if it has been detected that native iOS/iPadOS 17 BYOAD security controls are disabled (e.g., jailbroken/rooted). The exact procedure will depend on the EMM system used at the site.

Note: When managed data and apps are wiped, all managed data and files in the Files app must be wiped as well.