Apple iOS6 Security Technical Implementation Guide

Developed by DISA for use in the DoD. Comments or proposed revisions to this document should be sent via e-mail to the following address: [email protected]

Details

Version / Release: V1R3

Published: 2014-10-07

Updated At: 2018-09-23 02:01:57

Actions

Download

Filter


Findings
Severity Open Not Reviewed Not Applicable Not a Finding
Overall 0 0 0 0
Low 0 0 0 0
Medium 0 0 0 0
High 0 0 0 0
Drop CKL or SCAP (XCCDF) results here.

    Vuln Rule Version CCI Severity Title Description Status Finding Details Comments
    SV-40265r3_rule WIR-MOS-iOS-034-01 MEDIUM The VPN client on mobile devices used for remote access to DoD networks must be FIPS 140-2 validated. DoD data could be compromised if transmitted data is not secured with a compliant VPN. FIPS validation provides a level of assurance that the encryption of the device has been securely implemented.System AdministratorECWN-1
    SV-36449r2_rule WIR-MOS-iOS-034-02 MEDIUM All mobile device VPN clients used for remote access to DoD networks must support AES encryption. DoD data could be compromised if transmitted data is not secured with a compliant VPN.System AdministratorInformation Assurance OfficerECWN-1
    SV-36450r2_rule WIR-MOS-iOS-034-03 MEDIUM All mobile device VPN clients used for remote access to DoD networks must be configured to require CAC authentication. DoD data could be compromised if transmitted data is not secured with a compliant VPN.System AdministratorInformation Assurance OfficerECWN-1
    SV-36451r2_rule WIR-MOS-iOS-034-04 MEDIUM All mobile device VPN clients must have split tunneling disabled. DoD data could be compromised if transmitted data is not secured with a compliant VPN. Split tunneling could allow connections from non-secure Internet sites to access data on the DoD network.System AdministratorInformation Assurance OfficerECWN-1
    SV-30781r3_rule WIR-MOS-iOS-002 LOW Smart Card Readers (SCRs) used with CMDs must have required software version installed. Required security features are not available in earlier software versions. In addition, there may be known vulnerabilities in earlier versions.System AdministratorECSC-1
    SV-30782r3_rule WIR-MOS-iOS-003 MEDIUM S/MIME must be installed on mobile device, so users can sign/encrypt email. S/MIME provides the capability for users to send and receive S/MIME email messages from wireless email devices. S/MIME and digital signatures provide assurance the message is authentic and is required by DoD policy. Without S/MIME users will not be able
    SV-30783r2_rule WIR-MOS-iOS-004 LOW If mobile device email auto signatures are used, the signature message must not disclose the email originated from a CMD (e.g., Sent From My Wireless Handheld). The disclaimer message may give information which may key an attacker in on the device. System AdministratorInformation Assurance OfficerECSC-1
    SV-30784r3_rule WIR-MOS-iOS-005 LOW The browser must direct all traffic to a DoD Internet proxy gateway. When using the DoD Internet proxy for iOS device Internet connections, enclave Internet security controls will filter and monitor iOS device Internet connections and reduce the risk that malware could be downloaded on the mobile device. System Administrat
    SV-34937r3_rule WIR-MOS-iOS-030-01 MEDIUM Mobile devices must have the required operating system software version installed. Unapproved OS versions do not support required security features.System AdministratorECWN-1
    SV-30789r2_rule WIR-MOS-iOS-G-010 MEDIUM Mobile devices must be configured to require a password/passcode for device unlock. Sensitive DoD data could be compromised if a device unlock passcode is not set up on a DoD iOS device. System AdministratorECWN-1, IAIA-1
    SV-30790r3_rule WIR-MOS-iOS-G-012-01 LOW The iOS device password complexity must be set to the required value. iOS provides a security mechanism to prevent users from choosing simple passcodes (e.g., 1111). Implementation of this control is an appropriate defense-in-depth measure to mitigate unauthorized use of the device.System AdministratorIAIA-1, ECWN-1
    SV-30792r2_rule WIR-MOS-iOS-G-013 LOW Maximum passcode age must be set. Sensitive DoD data could be compromised if a strong device unlock passcode is not set up on a DoD iOS device and the passcode is not changed periodically. System AdministratorIAIA-1, ECWN-1
    SV-30795r3_rule WIR-MOS-iOS-G-016 MEDIUM The mobile device must be set to lock the device after a set period of user inactivity. Sensitive DoD data could be compromised if the CMD does not automatically lock after 15 minutes of inactivity.System AdministratorPESL-1
    SV-30796r2_rule WIR-MOS-iOS-G-017 MEDIUM Passcode maximum failed attempts must be set to required value. A hacker with unlimited attempts can determine the password of an iOS device within a few minutes using password hacking tools, which could lead to unauthorized access to the iOS device and exposure to sensitive DoD data. System AdministratorIAIA-1
    SV-30797r3_rule WIR-MOS-iOS-G-019 MEDIUM Access to public media stores must be disabled. Strong configuration management of all media installed on DoD devices is required to ensure the security baseline of the system is maintained. Therefore, the ability for the user to download unapproved applications must be disabled.System AdministratorInf
    SV-30798r3_rule WIR-MOS-iOS-G-020 MEDIUM Users ability to download iOS applications must be disabled. Application download must be disabled so that unauthorized applications are not installed on DoD-managed iOS devices. Unauthorized apps may contain malware or may modify the security baseline of the device. This could lead to the exposure of sensitive Do
    SV-30799r3_rule WIR-MOS-iOS-G-021 LOW Mobile device cameras must be used only if documented approval is in the site physical security policy. This is an operational security issue. DoD sensitive information could be compromised if cameras are allowed in areas not authorized by the site physical security plan.System AdministratorInformation Assurance OfficerDesignated Approving AuthorityInform
    SV-30801r2_rule WIR-MOS-iOS-G-022 MEDIUM Mobile device screen capture must not be allowed. Sensitive data, including FOUO data displayed on the screen, could be saved in unsecure memory on the device.System AdministratorECWN-1
    SV-32026r3_rule WIR-MOS-iOS-G-011 MEDIUM The device minimum password/passcode length must be set. Sensitive DoD data could be compromised if a device unlock password/passcode is not set to required length on DoD CMDs. System AdministratorECWN-1, IAIA-1
    SV-30793r3_rule WIR-MOS-iOS-G-014 LOW Apple iOS Auto-Lock must be set. The "Auto-lock" feature enforces an inactivity timeout when coupled with a password lock. Without an inactivity timeout, sensitive DoD data on the device could be easily disclosed to anyone who obtains physical possession of the device. The absence of aut
    SV-30794r2_rule WIR-MOS-iOS-G-015 LOW The mobile device passcode/password history setting must be set. The passcode would be more susceptible to compromise if the user can select frequently used passcodes.System AdministratorIAIA-1
    SV-34930r3_rule WIR-MOS-iOS-040-01 MEDIUM The mobile device Bluetooth radio must only connect to authorized Bluetooth peripherals. The Bluetooth radio can be used by a hacker to connect to the iOS device without the knowledge of the user. Sensitive DoD data could be exposed and the hacker could use the device to attack the enclave.System AdministratorECWN-1
    SV-30786r2_rule WIR-MOS-iOS-007 MEDIUM All mobile devices must display the required banner during device unlock/logon. DoD CIO memo requires all CMDs to have a consent banner displayed during logon/device unlock to ensure users understand their responsibilities to safeguard DoD data. System AdministratorECWM-1
    SV-30834r2_rule WIR-MOS-iOS-G-018-01 LOW iOS Safari must be disabled. The Safari browser does not support FIPS 140-2 validated encryption and CAC authentication to DoD websites. FIPS validation provides a level of assurance that encrypted sensitive data will not be compromised.System AdministratorECWN-1, ECSC-1
    SV-34932r2_rule WIR-MOS-iOS-042 LOW Location services must be turned off unless authorized for use for particular applications, in which case, location services must only be available to the authorized applications. Mobile device location services allow applications to gather information about the location of the handheld device and possibly forward it to servers located on the Internet. This is an operational security issue for DoD mobile devices.System Administrato
    SV-31000r3_rule WIR-iOS-005 LOW The iOS device Wi-Fi setting Ask to Join Networks must be set to Off at all times (User Based Enforcement (UBE)). When “Ask to Join Networks” is set to on, the user is alerted whenever they are in the vicinity of a Wi-Fi hotspot and could be tempted to connect to an unauthorized public hotspot, which could be managed by a hacker. Although the risk of exposing sen
    SV-32021r3_rule WIR-MOS-iOS-G-023 LOW Access to online application purchases must be disabled. Strong configuration management of all applications installed on DoD devices is required to ensure the security baseline of the system is maintained. Otherwise, sensitive DoD data could be compromised. Therefore, the ability for the user to download unapp
    SV-35228r2_rule WIR-MOS-iOS-G-008 MEDIUM Remote full device wipe must be enabled. Sensitive DoD data could be compromised if mobile OS device data could not be wiped when directed by the system administrator.System AdministratorECWN-1, ECCR-1
    SV-43032r1_rule WIR-MOS-iOS-50-02 MEDIUM iOS Siri application must be disabled. The Siri application connects to Apple servers and stores information about the device and user inquiries on those servers. The use of Siri could lead to the compromise of sensitive DoD information. System AdministratorECWN-1
    SV-43034r1_rule WIR-MOS-iOS-50-03 MEDIUM iOS Multiplayer Gaming must be disabled. The game function connects to Apple servers and allows the transfer of device data to other iOS devices. The use of the game function could lead to the compromise of sensitive DoD information.System AdministratorECWN-1
    SV-43035r1_rule WIR-MOS-iOS-50-04 MEDIUM Adding Game Center Friends must be disabled. The game function connects to Apple servers and allows the transfer of device data to other iOS devices. The use of the game function could lead to the compromise of sensitive DoD information. System AdministratorECWN-1
    SV-43036r1_rule WIR-MOS-iOS-50-05 MEDIUM iCloud Backup must be disabled. The iCloud feature (and associated iCloud setting in iOS) stores iOS device data on Apple controlled servers. Sensitive DoD data saved on the iOS device could be compromised when it is stored on the Apple servers. Acceptable backup methods include backup
    SV-43037r1_rule WIR-MOS-iOS-50-06 MEDIUM Document Syncing must be disabled. The iCloud feature (and associated iCloud setting in iOS) stores iOS device data on Apple controlled servers. Sensitive DoD data saved on the iOS device could be compromised when it is stored on the Apple servers.System AdministratorECWN-1
    SV-43039r1_rule WIR-MOS-iOS-50-07 LOW Photo Stream must be disabled. The iCloud feature (and associated iCloud setting in iOS) stores iOS device data on Apple controlled servers. Sensitive DoD data saved on the iOS device could be compromised when it is stored on the Apple servers.System AdministratorECWN-1
    SV-43041r2_rule WIR-MOS-iOS-50-08 MEDIUM Diagnostic Data must not be sent to Apple or other unauthorized entity. Sensitive DoD information could be compromised if this setting is not implemented. DoD mobile device diagnostic data could be considered sensitive data and should not be sent to Apple and reside on Apple servers. System AdministratorECWM-1
    SV-43042r1_rule WIR-MOS-iOS-034-05 MEDIUM All mobile device VPN clients must timeout after a set period of inactivity. DoD data and the DoD network could be compromised if transmitted data is not secured with a compliant VPN. A VPN provides an open connection to the DoD network. If the VPN client does not timeout after the required period of inactivity, and a hacker is
    SV-43043r1_rule WIR-MOS-iOS-034-06 MEDIUM The mobile operating system must not cache smart card or certificate store passwords used by the VPN client for more than two hours. DoD data could be compromised if transmitted data is not secured with a compliant VPN. User authentication credentials (CAC PIN) may be compromised if a hacker credential cache is not wiped on a periodic basis.System AdministratorECWN-1
    SV-43044r1_rule WIR-MOS-60 HIGH MDM, MAM, and integrity validation agent(s) must be installed on the mobile OS device. The MDM, MAM, and integrity scanning agents all perform various security management functions on the iOS devices (some products integrate all three functions into one agent). If these agents are not on the mobile device, key security controls may not be
    SV-43045r2_rule WIR-MOS-iOS-65-01 HIGH The mobile operating system must not permit a user to disable or modify the security policy or enforcement mechanisms on the device. The integrity of the security policy and enforcement mechanisms is critical to the IA posture of the operating system. If a user can modify a device's security policy or enforcement mechanisms, then a wide range of subsequent attacks are possible, includ
    SV-43046r1_rule WIR-MOS-iOS-65-02 HIGH The mobile operating system must provide mutual authentication between the provisioning server and the provisioned device during a trusted over-the-air (OTA) provisioning session. When dealing with access restrictions pertaining to change control, it should be noted that any changes to the hardware, software, and/or firmware components of the information system can potentially have significant effects on the overall security of the
    SV-43047r1_rule WIR-MOS-iOS-65-03 MEDIUM The mobile operating system must protect the confidentiality of the provisioning data downloaded to the handheld device during a trusted over-the-air (OTA) provisioning session. Provisioning data may be sensitive and therefore must be adequately protected. An adversary within the general proximity of the mobile device can eavesdrop on OTA transactions, making them particularly vulnerable to attack if confidentiality protections
    SV-43048r1_rule WIR-MOS-iOS-65-04 MEDIUM The mobile operating system must protect the integrity of the provisioning data downloaded to the handheld device during a trusted over-the-air (OTA) provisioning session. Provisioning data may be sensitive and therefore must be adequately protected. It may be possible for an adversary within the general proximity of the mobile device to hijack provisioning sessions and modify data transmitted during the provisioning proce
    SV-43049r1_rule WIR-MOS-iOS-65-05 LOW The mobile operating system must support the capability for the system administrator to disable over-the-air (OTA) provisioning. In some environments, the risk of OTA provisioning may outweigh any convenience benefit it offers. In addition, some OTA mechanisms do not provide appropriate authentication and cryptographic integrity measures. In such cases, the administrator should hav
    SV-43052r2_rule WIR-MOS-iOS-65-08 MEDIUM The cryptographic module supporting encryption of data in transit (including email and attachments) must be FIPS 140-2 validated. The most common vulnerabilities with cryptographic modules are those associated with poor implementation. FIPS 140 validation provides assurance that the relevant cryptography has been implemented correctly. FIPS validation is also a strict requirement
    SV-43057r2_rule WIR-MOS-iOS-65-11 MEDIUM The mobile operating system must prevent a user from using a browser that does not direct its traffic to a DoD proxy server. Proxy servers can inspect traffic for malware and other signs of a security attack. Allowing a mobile device to access the public Internet without proxy server inspection forgoes the protection that the proxy server would otherwise provide. Malware down
    SV-43062r2_rule WIR-MOS-iOS-65-15 HIGH The mobile operating system must employ a DoD-approved anti-malware protections. In order to minimize potential negative impact to the organization that can be caused by malicious code, it is imperative that malicious code is identified and eradicated. Malicious code includes viruses, worms, Trojan horses, and spyware. Malicious code
    SV-44625r1_rule WIR-MOS-iOS-70-01 MEDIUM Shared Photo Stream must be disabled. The iCloud feature (and associated iCloud setting in iOS) stores iOS device data on Apple controlled servers. Sensitive DoD data saved on the iOS device could be compromised when it is stored on the Apple servers.System AdministratorECWN-1
    SV-44626r1_rule WIR-MOS-iOS-70-02 MEDIUM Access to iOS Passbook applications must be disabled. iOS Passbook allows applications to be accessed after the iOS device is locked. The icons for passbook enabled apps are shown on the device screen after the device is locked. Any sensitive data stored in the available application would be available if t
    SV-44627r1_rule WIR-MOS-iOS-70-03 MEDIUM The iOS device user must not allow applications to share data between iOS devices via Bluetooth. The iOS device Bluetooth sharing feature allows applications to share data saved on the iOS device with other iOS devices via Bluetooth connections between the devices. This feature allows the wireless transmission of sensitive DoD data without using FIP
    SV-44841r2_rule WIR-MOS-iOS-70-04 MEDIUM A Wi-Fi profile must be set up on managed iOS devices to disable access to any public Wi-Fi network that iOS may otherwise auto-join. iOS has the capability to “auto-join” public Wi-Fi networks that are pre-configured in iOS. This feature is available in iOS to improve a user’s experience when connecting to the Internet. The “attwifi” public network has been found to be monito
    SV-44851r2_rule WIR-MOS-iOS-70-05 MEDIUM The ability to wipe a DoD iOS device via an iCloud account must be disabled. If a DoD iOS device is associated with an iCloud account, a user of that iCloud account, or anyone who gains access to that iCloud account, can send a device wipe command to the iOS device and the device will wipe itself. This will cause a Denial-Of-Servi
    SV-46252r1_rule WIR-MOS-iOS-70-06 LOW The iOS device iMessage service must be set to Off at all times (User Based Enforcement (UBE)). iOS iMessage service provides the potential for the exposure of private and possibly sensitive DoD information. When a DoD iOS device is transferred to a new user or disposed of, the device may still receive iMessages sent to the previous DoD user. iMess
    SV-49532r1_rule WIR-MOS-iOS-G-024 MEDIUM The iOS Passcode must contain at least one alphabetic and one numeric character. Sensitive DoD data could be compromised if a device unlock password/passcode is not set to the required complexity on DoD CMDs. System AdministratorECWN-1, IAIA-1
    SV-49533r1_rule WIR-MOS-iOS-G-025 MEDIUM The iOS Passcode must contain at least one complex (non-alphanumeric) character. Sensitive DoD data could be compromised if a device unlock password/passcode is not set to the required complexity on DoD CMDs. The DoD CMD password requirements for protecting sensitive data are that the password must be at least 8 characters in length a
    SV-69229r1_rule WIR-MOS-iOS-500 CCI-000366 HIGH Apple iOS operating systems that are no longer supported by the vendor for security updates must not be installed on a system. Apple iOS operating systems that are no longer supported by Apple for security updates are not evaluated or updated for vulnerabilities, leaving them open to potential attack. Organizations must transition to a supported operating system to ensure contin