Apple iOS/iPadOS 15 Security Technical Implementation Guide

Description

This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DoD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: [email protected]

Details

Version / Release: V1R1

Published: 2021-09-15

Updated At: 2021-11-06 12:46:30


Vuln | Rule Version | CCI | Severity | Title | Description
SV-250919r801848_rule | AIOS-15-001000 | CCI-000366 | LOW | Apple iOS/iPadOS 15 must provide the capability for the Administrator (MDM) to perform the following management function: enable/disable VPN protection across the device and [selection: other methods]. | The System Administrator must have the capability to configure VPN access to meet organization-specific policies based on mission needs. Otherwise, a user could inadvertently or maliciously set up a VPN and connect to a network that poses unacceptable ris
SV-250920r801851_rule | AIOS-15-003000 | CCI-001090 | MEDIUM | Apple iOS/iPadOS 15 must not allow backup to remote systems (iCloud). | If a user is able to configure the security setting, the user could inadvertently or maliciously set it to a value that poses unacceptable risk to DoD information systems. An adversary could exploit vulnerabilities created by the weaker configuration to c
SV-250921r801854_rule | AIOS-15-003200 | CCI-001090 | MEDIUM | Apple iOS/iPadOS 15 must not allow backup to remote systems (iCloud document and data synchronization). | If a user is able to configure the security setting, the user could inadvertently or maliciously set it to a value that poses unacceptable risk to DoD information systems. An adversary could exploit vulnerabilities created by the weaker configuration to c
SV-250922r801857_rule | AIOS-15-003300 | CCI-001090 | MEDIUM | Apple iOS/iPadOS 15 must not allow backup to remote systems (iCloud Keychain). | If a user is able to configure the security setting, the user could inadvertently or maliciously set it to a value that poses unacceptable risk to DoD information systems. An adversary could exploit vulnerabilities created by the weaker configuration to c
SV-250923r801860_rule | AIOS-15-003400 | CCI-001090 | MEDIUM | Apple iOS/iPadOS 15 must not allow backup to remote systems (My Photo Stream). | If a user is able to configure the security setting, the user could inadvertently or maliciously set it to a value that poses unacceptable risk to DoD information systems. An adversary could exploit vulnerabilities created by the weaker configuration to c
SV-250924r801863_rule | AIOS-15-003500 | CCI-001090 | MEDIUM | Apple iOS/iPadOS 15 must not allow backup to remote systems (iCloud Photo Sharing, also known as Shared Photo Streams). | If a user is able to configure the security setting, the user could inadvertently or maliciously set it to a value that poses unacceptable risk to DoD information systems. An adversary could exploit vulnerabilities created by the weaker configuration to c
SV-250925r801866_rule | AIOS-15-003600 | CCI-001090 | MEDIUM | Apple iOS/iPadOS 15 must not allow backup to remote systems (managed applications data stored in iCloud). | If a user is able to configure the security setting, the user could inadvertently or maliciously set it to a value that poses unacceptable risk to DoD information systems. An adversary could exploit vulnerabilities created by the weaker configuration to c
SV-250926r801869_rule | AIOS-15-003700 | CCI-001090 | MEDIUM | Apple iOS/iPadOS 15 must not allow backup to remote systems (enterprise books). | If a user is able to configure the security setting, the user could inadvertently or maliciously set it to a value that poses unacceptable risk to DoD information systems. An adversary could exploit vulnerabilities created by the weaker configuration to c
SV-250927r801872_rule | AIOS-15-004900 | CCI-000366 | MEDIUM | Apple iOS/iPadOS 15 must [selection: wipe protected data, wipe sensitive data] upon unenrollment from MDM. | When a mobile device is no longer going to be managed by MDM technologies, its protected/sensitive data must be sanitized because it will no longer be protected by the MDM software, putting it at much greater risk of unauthorized access and disclosure. At
SV-250928r801875_rule | AIOS-15-005000 | CCI-000366 | MEDIUM | Apple iOS/iPadOS 15 must [selection: remove Enterprise application, remove all noncore applications (any nonfactory-installed application)] upon unenrollment from MDM. | When a mobile device is no longer going to be managed by MDM technologies, its protected/sensitive data must be sanitized because it will no longer be protected by the MDM software, putting it at much greater risk of unauthorized access and disclosure. At
SV-250929r801878_rule | AIOS-15-006500 | CCI-000205 | MEDIUM | Apple iOS/iPadOS 15 must be configured to enforce a minimum password length of six characters. | Password strength is a measure of the effectiveness of a password in resisting guessing and brute force attacks. The ability to crack a password is a function of how many attempts an adversary is permitted, how quickly an adversary can do each attempt, an
SV-250930r801881_rule | AIOS-15-006600 | CCI-000366 | MEDIUM | Apple iOS/iPadOS 15 must be configured to not allow passwords that include more than two repeating or sequential characters. | Password strength is a measure of the effectiveness of a password in resisting guessing and brute force attacks. Passwords that contain repeating or sequential characters are significantly easier to guess than those that do not contain repeating or sequen
SV-250931r801884_rule | AIOS-15-006700 | CCI-000057 | MEDIUM | Apple iOS/iPadOS 15 must be configured to enable a screen-lock policy that will lock the display after a period of inactivity. | The screen-lock timeout helps protect the device from unauthorized access. Devices without a screen-lock timeout provide an opportunity for adversaries who gain physical access to the mobile device through loss, theft, etc. Such devices are much more like
SV-250932r801887_rule | AIOS-15-006800 | CCI-000057 | MEDIUM | Apple iOS/iPadOS 15 must be configured to lock the display after 15 minutes (or less) of inactivity. | The screen lock timeout must be set to a value that helps protect the device from unauthorized access. Having a too-long timeout would increase the window of opportunity for adversaries who gain physical access to the mobile device through loss, theft, et
SV-250933r801890_rule | AIOS-15-006900 | CCI-000044 | MEDIUM | Apple iOS/iPadOS 15 must be configured to not allow more than 10 consecutive failed authentication attempts. | The more attempts an adversary has to guess a password, the more likely the adversary will enter the correct password and gain access to resources on the device. Setting a limit on the number of attempts mitigates this risk. Setting the limit at 10 or les
SV-250934r801893_rule | AIOS-15-007000 | CCI-000366 | MEDIUM | Apple iOS/iPadOS 15 must be configured to enforce an application installation policy by specifying one or more authorized application repositories, including [selection: DoD-approved commercial app repository, MDM server, mobile application store]. | Forcing all applications to be installed from authorized application repositories can prevent unauthorized and malicious applications from being installed and executed on mobile devices. Allowing such installations and executions could cause a compromise
SV-250935r801896_rule | AIOS-15-007200 | CCI-000366 | MEDIUM | Apple iOS/iPadOS 15 must not include applications with the following characteristics: access to Siri when the device is locked. | Requiring all authorized applications to be in an application allow list prevents the execution of any applications (e.g., unauthorized, malicious) that are not part of the allow list. Failure to configure an application allow list properly could allow un
SV-250936r801899_rule | AIOS-15-007300 | CCI-000366 | MEDIUM | Apple iOS/iPadOS 15 allow list must be configured to not include applications with the following characteristics: voice dialing application if available when MD is locked. | Requiring all authorized applications to be in an application allow list prevents the execution of any applications (e.g., unauthorized, malicious) that are not part of the allow list. Failure to configure an application allow list properly could allow un
SV-250937r802036_rule | AIOS-15-007400 | CCI-000366 | MEDIUM | Apple iOS/iPadOS 15 allowlist must be configured to not include applications with the following characteristics: - back up MD data to non-DoD cloud servers (including user and application access to cloud backup services); - transmit MD diagnostic data to non-DoD servers; - allows synchronization of data or applications between devices associated with user; and - allows unencrypted (or encrypted but not FIPS 140-2 validated) data sharing with other MDs or printers. | Requiring all authorized applications to be in an application allow list prevents the execution of any applications (e.g., unauthorized, malicious) that are not part of the allow list. Failure to configure an application allow list properly could allow un
SV-250938r801905_rule | AIOS-15-007500 | CCI-000060 | MEDIUM | Apple iOS/iPadOS 15 must be configured to not display notifications when the device is locked. | Many mobile devices display notifications on the lock screen so that users can obtain relevant information in a timely manner without having to frequently unlock the phone to determine if there are new notifications. However, in many cases, these notifica
SV-250939r801908_rule | AIOS-15-007600 | CCI-000060 | MEDIUM | Apple iOS/iPadOS 15 must not display notifications (calendar information) when the device is locked. | Many mobile devices display notifications on the lock screen so that users can obtain relevant information in a timely manner without having to frequently unlock the phone to determine if there are new notifications. However, in many cases, these notifica
SV-250940r801911_rule | AIOS-15-008400 | CCI-000048 | LOW | Apple iOS/iPadOS 15 must be configured to display the DoD advisory warning message at startup or each time the user unlocks the device. | Before granting access to the system, the mobile operating system is required to display the DoD-approved system use notification message or banner that provides privacy and security notices consistent with applicable Federal laws, Executive Orders, direc
SV-250941r801914_rule | AIOS-15-009200 | CCI-001090 | MEDIUM | Apple iOS/iPadOS 15 must be configured to not allow backup of [all applications, configuration data] to locally connected systems. | Data on mobile devices is protected by numerous mechanisms, including user authentication, access control, and cryptography. When the data is backed up to an external system (either locally connected or cloud based), many if not all of these mechanisms ar
SV-250942r801917_rule | AIOS-15-009700 | CCI-002233 | MEDIUM | Apple iOS/iPadOS 15 must not allow non-DoD applications to access DoD data. | App data sharing gives apps the ability to access the data of other apps for enhanced user functionality. However, sharing also poses a significant risk that unauthorized users or apps will obtain access to DoD sensitive information. To mitigate this risk
SV-250943r801920_rule | AIOS-15-009800 | CCI-000366 | MEDIUM | Apple iOS/iPadOS 15 must be configured to disable multiuser modes. | Multiuser mode allows multiple users to share a mobile device by providing a degree of separation between user data. To date, no mobile device with multiuser mode features meets DoD requirements for access control, data separation, and nonrepudiation for
SV-250944r801923_rule | AIOS-15-009900 | CCI-000366 | MEDIUM | Apple iOS/iPadOS 15 must be configured to [selection: wipe protected data, wipe sensitive data] upon unenrollment from MDM. | When a mobile device is no longer going to be managed by MDM technologies, its protected/sensitive data must be sanitized because it will no longer be protected by the MDM software, putting it at much greater risk of unauthorized access and disclosure. At
SV-250945r801926_rule | AIOS-15-010000 | CCI-000366 | MEDIUM | Apple iOS/iPadOS 15 must be configured to [selection: remove Enterprise applications, remove all noncore applications (any nonfactory installed application)] upon unenrollment from MDM. | When a mobile device is no longer going to be managed by MDM technologies, its protected/sensitive data must be sanitized because it will no longer be protected by the MDM software, putting it at much greater risk of unauthorized access and disclosure. At
SV-250946r801929_rule | AIOS-15-010200 | CCI-002536 | MEDIUM | Apple iOS/iPadOS 15 must be configured to disable ad hoc wireless client-to-client connection capability. | Ad hoc wireless client-to-client connections allow mobile devices to communicate with each other directly, circumventing network security policies and making the traffic invisible. This could allow the exposure of sensitive DoD data and increase the risk
SV-250947r801932_rule | AIOS-15-010400 | CCI-000366 | HIGH | Apple iOS/iPadOS 15 must require a valid password be successfully entered before the mobile device data is unencrypted. | Passwords provide a form of access control that prevents unauthorized individuals from accessing computing resources and sensitive data. Passwords may also be a source of entropy for generation of key encryption or data encryption keys. If a password is n
SV-250948r801935_rule | AIOS-15-010500 | CCI-000366 | LOW | Apple iOS/iPadOS 15 must implement the management setting: limit Ad Tracking. | Ad Tracking refers to the advertisers' ability to categorize the device and spam the user with ads that are most relevant to the user's preferences. By not "Force limiting ad tracking", advertising companies are able to gather information about the user a
SV-250949r801938_rule | AIOS-15-010600 | CCI-000366 | LOW | Apple iOS/iPadOS 15 must implement the management setting: not allow automatic completion of Safari browser passcodes. | The AutoFill functionality in the Safari web browser allows the user to complete a form that contains sensitive information, such as PII, without previous knowledge of the information. By allowing the use of the AutoFill functionality, an adversary who le
SV-250950r801941_rule | AIOS-15-010700 | CCI-000366 | MEDIUM | Apple iOS/iPadOS 15 must implement the management setting: Encrypt iTunes backups/Encrypt local backup. | When syncing an iPhone and iPad to a computer running iTunes, iTunes will prompt the user to back up the iPhone and iPad. If the performed backup is not encrypted, this could lead to the unauthorized disclosure of DoD sensitive information if non-DoD pers
SV-250951r801944_rule | AIOS-15-010800 | CCI-000366 | LOW | Apple iOS/iPadOS 15 must implement the management setting: not allow use of Handoff. | Handoff permits a user of an iPhone and iPad to transition user activities from one device to another. Handoff passes sufficient information between the devices to describe the activity, but app data synchronization associated with the activity is handled
SV-250952r801947_rule | AIOS-15-010900 | CCI-000366 | LOW | Apple iOS/iPadOS 15 must implement the management setting: require the user to enter a password when connecting to an AirPlay-enabled device for the first time. | When a user is allowed to use AirPlay without a password, it may mistakenly associate the iPhone and iPad with an AirPlay-enabled device other than the one intended (i.e., by choosing the wrong one from the AirPlay list displayed). This creates the potent
SV-250953r801950_rule | AIOS-15-011000 | CCI-000366 | MEDIUM | Apple iOS/iPadOS 15 must implement the management setting: Disable Allow MailDrop. | MailDrop allows users to send large attachments (up to 5 GB) in size via iCloud. Storing data with a non-DoD cloud provider may leave the data vulnerable to breach. Disabling non-DoD cloud services mitigates this risk. SFR ID: FMT_SMF_EXT.1.1 #47
SV-250954r801953_rule | AIOS-15-011100 | CCI-000366 | MEDIUM | Apple iOS/iPadOS 15 must implement the management setting: Disable Allow Shared Albums. | Storing data with a non-DoD cloud provider may leave the data vulnerable to breach. Disabling non-DoD cloud services mitigates this risk. Note: If the Authorizing Official (AO) has approved the use/storage of DoD data in one or more personal (unmanaged)
SV-250955r801956_rule | AIOS-15-011200 | CCI-000366 | HIGH | iPhone and iPad must have the latest available iOS/iPadOS operating system installed. | Required security features are not available in earlier OS versions. In addition, earlier versions may have known vulnerabilities. SFR ID: FMT_SMF_EXT.1.1 #47
SV-250956r801959_rule | AIOS-15-011300 | CCI-000366 | MEDIUM | Apple iOS/iPadOS 15 must implement the management setting: use SSL for Exchange ActiveSync. | Exchange email messages are a form of data in transit and thus are vulnerable to eavesdropping and man-in-the-middle attacks. Secure Sockets Layer (SSL), also referred to as Transport Layer Security (TLS), provides encryption and authentication services t
SV-250957r801962_rule | AIOS-15-011400 | CCI-000366 | MEDIUM | Apple iOS/iPadOS 15 must implement the management setting: not allow messages in an ActiveSync Exchange account to be forwarded or moved to other accounts in the Apple iOS/iPadOS 15 Mail app. | The Apple iOS/iPadOS Mail app can be configured to support multiple email accounts concurrently. These email accounts are likely to involve content of varying degrees of sensitivity (e.g., both personal and enterprise messages). To prevent the unauthorize
SV-250958r801965_rule | AIOS-15-011500 | CCI-000366 | MEDIUM | Apple iOS/iPadOS 15 must implement the management setting: Treat AirDrop as an unmanaged destination. | AirDrop is a way to send contact information or photos to other users with this same feature enabled. This feature enables a possible attack vector for adversaries to exploit. Once the attacker has gained access to the information broadcast by this featur
SV-250959r801968_rule | AIOS-15-011600 | CCI-000366 | LOW | Apple iOS/iPadOS 15 must implement the management setting: not have any Family Members in Family Sharing. | Apple's Family Sharing service allows Apple iOS/iPadOS users to create a Family Group whose members have several shared capabilities, including the ability to lock, wipe, play a sound on, or locate the iPhone and iPads of other members. Each member of the
SV-250960r801971_rule | AIOS-15-011700 | CCI-000366 | MEDIUM | Apple iOS/iPadOS 15 must implement the management setting: not share location data through iCloud. | Sharing of location data is an operational security (OPSEC) risk because it potentially allows an adversary to determine a DoD user's location, movements, and patterns in those movements over time. An adversary could use this information to target the use
SV-250961r801974_rule | AIOS-15-011800 | CCI-000366 | LOW | Apple iOS/iPadOS 15 must implement the management setting: force Apple Watch wrist detection. | Because Apple Watch is a personal device, it is key that any sensitive DoD data displayed on the Apple Watch cannot be viewed when the watch is not in the immediate possession of the user. This control ensures the Apple Watch screen locks when the user ta
SV-250962r801977_rule | AIOS-15-011900 | CCI-000366 | MEDIUM | Apple iOS/iPadOS 15 users must complete required training. | The security posture on iOS devices requires the device user to configure several required policy rules on their device. User Based Enforcement (UBE) is required for these controls. In addition, if the Authorizing Official (AO) has approved users' full ac
SV-250963r801980_rule | AIOS-15-012000 | CCI-000366 | MEDIUM | A managed photo app must be used to take and store work-related photos. | The iOS Photos app is unmanaged and may sync photos with a device user's personal iCloud account. Therefore, work-related photos must not be taken via the iOS camera app or stored in the Photos app. A managed photo app must be used to take and manage work
SV-250964r801983_rule | AIOS-15-012200 | CCI-000366 | MEDIUM | Apple iOS/iPadOS 15 must implement the management setting: enable USB Restricted Mode. | The USB lightning port on an iOS device can be used to access data on the device. The required settings ensure the Apple device password is entered before a previously trusted USB accessory can connect to the device. SFR ID: FMT_SMF_EXT.1.1 #47
SV-250965r801986_rule | AIOS-15-012300 | CCI-000366 | LOW | Apple iOS/iPadOS 15 must not allow managed apps to write contacts to unmanaged contacts accounts. | Managed apps have been approved for the handling of DoD sensitive information. Unmanaged apps are provided for productivity and morale purposes but are not approved to handle DoD sensitive information. Examples of unmanaged apps include those for news ser
SV-250966r801989_rule | AIOS-15-012400 | CCI-000366 | LOW | Apple iOS/iPadOS 15 must not allow unmanaged apps to read contacts from managed contacts accounts. | Managed apps have been approved for the handling of DoD sensitive information. Unmanaged apps are provided for productivity and morale purposes but are not approved to handle DoD sensitive information. Examples of unmanaged apps include those for news ser
SV-250967r801992_rule | AIOS-15-012500 | CCI-000366 | LOW | Apple iOS/iPadOS 15 must implement the management setting: disable AirDrop. | AirDrop is a way to send contact information or photos to other users with this same feature enabled. This feature enables a possible attack vector for adversaries to exploit. Once the attacker has gained access to the information broadcast by this featur
SV-250968r801995_rule | AIOS-15-012600 | CCI-000366 | MEDIUM | Apple iOS/iPadOS 15 must implement the management setting: disable paired Apple Watch. | Authorizing Official (AO) approval is required before an Apple Watch (DoD-owned or personally owned) can be paired with a DoD-owned iPhone to ensure the AO has evaluated the risk in having sensitive DoD data transferred to and stored on an Apple Watch in
SV-250969r801998_rule | AIOS-15-012700 | CCI-000366 | MEDIUM | Apple iOS/iPadOS 15 must disable Password AutoFill in browsers and applications. | The AutoFill functionality in browsers and applications allows the user to complete a form that contains sensitive information, such as PII, without previous knowledge of the information. By allowing the use of the AutoFill functionality, an adversary who
SV-250970r802001_rule | AIOS-15-012800 | CCI-000366 | MEDIUM | Apple iOS/iPadOS 15 must disable allow setting up new nearby devices. | This control allows Apple device users to request passwords from nearby devices. This could lead to a compromise of the device password with an unauthorized person or device. DoD Apple device passwords must not be shared. SFR ID: FMT_SMF_EXT.1.1 #47
SV-250971r802004_rule | AIOS-15-012900 | CCI-000366 | MEDIUM | Apple iOS/iPadOS 15 must disable password proximity requests. | This control allows one Apple device to be notified to share its password with a nearby device. This could lead to a compromise of the device password with an unauthorized person or device. DoD Apple device passwords must not be shared. SFR ID: FMT_SMF_E
SV-250972r802007_rule | AIOS-15-013000 | CCI-000366 | MEDIUM | Apple iOS/iPadOS 15 must disable password sharing. | This control allows sharing passwords between Apple devices using AirDrop. This could lead to a compromise of the device password with an unauthorized person or device. DoD Apple device passwords must not be shared. SFR ID: FMT_SMF_EXT.1.1 #47
SV-250973r802010_rule | AIOS-15-013100 | CCI-000366 | LOW | Apple iOS/iPadOS 15 must disable Find My Friends in the Find My app. | This control does not share a DoD user's location but encourages location sharing between DoD mobile device users, which can lead to operational security (OPSEC) risks. Sharing the location of a DoD mobile device is a violation of AIOS-15-011700. SFR ID:
SV-250974r802013_rule | AIOS-15-013200 | CCI-000366 | MEDIUM | The Apple iOS/iPadOS 15 must be supervised by the MDM. | When an iOS/iPadOS is not supervised, the DoD mobile service provider cannot control when new iOS/iPadOS updates are installed on site-managed devices. Most updates should be installed immediately to mitigate new security vulnerabilities, while some sites
SV-250975r802016_rule | AIOS-15-013300 | CCI-000366 | MEDIUM | Apple iOS/iPadOS 15 must disable "Allow USB drive access in Files app" if the Authorizing Official (AO) has not approved the use of DoD-approved USB storage drives with iOS/iPadOS devices. | Unauthorized use of USB storage drives could lead to the introduction of malware or unauthorized software into the DoD IT infrastructure and compromise of sensitive DoD information and systems. SFR ID: FMT_SMF_EXT.1.1 #47
SV-250976r802019_rule | AIOS-15-013400 | CCI-000366 | LOW | The Apple iOS must be configured to disable automatic transfer of diagnostic data to an external device other than an MDM service with which the device has enrolled. | Many software systems automatically send diagnostic data to the manufacturer or a third party. This data enables the developers to understand real-world field behavior and improve the product based on that information. Unfortunately, it can also reveal in
SV-250977r802022_rule | AIOS-15-013500 | CCI-000366 | MEDIUM | Apple iOS must implement the management setting: not allow a user to remove Apple iOS configuration profiles that enforce DoD security requirements. | Configuration profiles define security policies on Apple iOS devices. If a user is able to remove a configuration profile, the user can then change the configuration that had been enforced by that policy. Relaxing security policies may introduce vulnerabi
SV-250978r802025_rule | AIOS-15-014300 | CCI-000366 | MEDIUM | Apple iOS/iPadOS 15 must disable "Allow network drive access in Files access". | Allowing network drive access by the Files app could lead to the introduction of malware or unauthorized software into the DoD IT infrastructure and compromise of sensitive DoD information and systems. SFR ID: FMT_SMF_EXT.1.1 #47
SV-250979r802028_rule | AIOS-15-014400 | CCI-000366 | MEDIUM | Apple iOS/iPadOS 15 must disable connections to Siri servers for the purpose of dictation. | If a user is able to configure the security setting, the user could inadvertently or maliciously set it to a value that poses unacceptable risk to DoD information systems. An adversary could exploit vulnerabilities created by the weaker configuration to c
SV-250980r802031_rule | AIOS-15-014500 | CCI-000366 | MEDIUM | Apple iOS/iPadOS 15 must disable connections to Siri servers for the purpose of translation. | If a user is able to configure the security setting, the user could inadvertently or maliciously set it to a value that poses unacceptable risk to DoD information systems. An adversary could exploit vulnerabilities created by the weaker configuration to c
SV-250981r802034_rule | AIOS-15-014600 | CCI-000366 | MEDIUM | Apple iOS/iPadOS 15 must disable copy/paste of data from managed to unmanaged applications. | If a user is able to configure the security setting, the user could inadvertently or maliciously set it to a value that poses unacceptable risk to DoD information systems. An adversary could exploit vulnerabilities created by the weaker configuration to c