STIGQter: STIG Summary: Apple iOS/iPadOS 14 Security Technical Implementation Guide, Version 1, Release 2, Benchmark Date: 23 Apr 2021

The mobile operating system must provide the capability for the Administrator (MDM) to perform the following management function: enable/disable VPN protection across the device and [selection: other methods].

DISA Rule

SV-228733r619923_rule

Vulnerability Number

V-228733

Group Title

PP-MDF-302060

Rule Version

AIOS-14-000500

Severity

CAT III

CCI(s)

Weight

10

Fix Recommendation

If a third-party unmanaged VPN app is installed on the iOS 14 device, do not configure the VPN app with a DoD network VPN profile.

Check Contents

Review the list of unmanaged apps installed on the iPhone and iPad and determine if any third-party VPN clients are installed. If yes, verify the VPN app is not configured with a DoD network (work) VPN profile.

This validation procedure is performed on the iOS device only.

On the iPhone and iPad:
1. Open the Settings app.
2. Tap "General".
3. In the "VPN" line, look to see if any "Personal VPN" exists.
4. If not, the requirement has been met.
5. If so, open each VPN app. Review the list of VPN profiles configured on the VPN client.
6. Verify there are no DoD network VPN profiles configured on the VPN client.

If any third-party unmanaged VPN apps are installed (personal VPN) and have a DoD network VPN profile configured on the client, this is a finding.

Note: This setting cannot be managed by the MDM administrator and is a User-Based Enforcement (UBE) requirement.

Documentable

False

Severity Override Guidance

Check Content Reference

M

Target Key

4231

Comments