UCF STIG Viewer Logo

Good Mobility Suite Server (Apple iOS 4) Interim Security Configuration Guide (ISCG)


Overview

Date Finding Count (33)
2011-11-07 CAT I (High): 4 CAT II (Med): 19 CAT III (Low): 10
STIG Description
This ISCG provides technical security controls required for the use of the Good Mobility Suite with Apple iOS 4 devices (iPhone, iPad, and iPod touch) in the DoD environment.

Available Profiles



Findings (MAC III - Administrative Sensitive)

Finding ID Severity Title
V-24974 High The smartphone management server email system must be set up with the required system components in the required network architecture.
V-24975 High The smartphone management server host-based or appliance firewall must be installed and configured as required.
V-24976 High Security controls must be implemented on the smartphone management server for connections to back-office servers and applications.
V-26564 High Authentication on system administration accounts for wireless management servers must be configured.
V-25004 Medium A compliance rule must be setup in the server implementing jailbreak detection on smartphones. Devices will be wiped if they have been jailbroken.
V-25032 Medium Password access to the Good app on the smartphone must be enabled.
V-24994 Medium Inactivity lock must be set as required for the smartphone security/email client.
V-24995 Medium "Do not allow data to be copied from the Good application" must be checked.
V-24998 Medium The Over-The-Air (OTA) device provisioning PIN must have expiration set.
V-24992 Medium Maximum invalid password attempts must be set as required for the smartphone security/email client.
V-24993 Medium Data must be wiped after maximum password attempts reached for the smartphone security/email client.
V-24990 Medium Password minimum length must be set as required for the smartphone security/email client.
V-26729 Medium "Do not allow data to be copied into the Good application" must be checked in the Good security policy for the handheld.
V-26152 Medium S/MIME must be enabled on the Good server.
V-26135 Medium Password complexity must be set as required.
V-24972 Medium The required smartphone management server or later version must be used.
V-24973 Medium The host server where the smartphone management server is installed must be hardened according to the appropriate Application STIG (SQL, Apache Web Server, Apache Tomcat, IIS, etc.).
V-24978 Medium Smartphone user accounts must not be assigned to the default security/IT policy.
V-26561 Medium “Require CAC to be present” must be set.
V-26560 Medium Either CAC or password authentication must be enabled for user access to the Good app on the smartphone.
V-26562 Medium “Require both letters and numbers” must be set as required for the smartphone security/email client.
V-25000 Medium The Good server must be configured to push an iPhone configuration profile to each managed iPhone.
V-26563 Medium “Do not allow sequential numbers” must be set as required for the smartphone security/email client.
V-25002 Low A compliance rule must be set up in the server defining required smartphone hardware versions.
V-25030 Low If access is enabled to the Good app contacts lists by the smartphone, the list of contact information must be limited.
V-24999 Low OTA Provisioning PIN reuse must not be allowed.
V-24991 Low Repeated password characters must be disallowed for the Good app.
V-26728 Low A compliance rule must be set up on the server defining required Good client versions.
V-24977 Low The smartphone management server must be configured to control HTML and RTF formatted email.
V-25754 Low The PKI digital certificate installed on the wireless email management server must be a DoD PKI-issued certificate.
V-24989 Low Previously used passwords must be disallowed for security/email client on smartphone.
V-24988 Low Handheld password must be set as required.
V-24987 Low “Re-challenge for CAC PIN every” must be set.