UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

OTA Provisioning PIN reuse must not be allowed.


Overview

Finding ID Version Rule ID IA Controls Severity
V-24999 WIR-GMMS-009 SV-30739r2_rule ECWN-1 Low
Description
The reuse of the OTA PIN can allow a hacker to provision an unauthorized device on the system.
STIG Date
Mobile Device Management (MDM) Server Security Technical Implementation Guide (STIG) 2013-05-08

Details

Check Text ( C-31149r5_chk )
This check is valid only with the Good Technology MDM server. It is Not Applicable (NA) for all other MDM servers.

1. Make a list of all iOS security policies listed on the MDM server that have been assigned to iOS devices and review each policy.

2. Select each policy set users are assigned to and, in turn, verify the required settings are in the policy set.

-Note: If there is a finding, note the name of the policy set in the Findings Details section in VMS/Component Provided Tracking Database.

-Verify “Allow OTA Provisioning PIN reuse” is unchecked.

Mark as a finding if “Allow OTA Provisioning PIN reuse” is checked.
Fix Text (F-27642r2_fix)
Disable (uncheck) “Allow OTA Provisioning PIN reuse” in the iOS policy on the MDM server.