STIGQter: STIG Summary: Apple iOS/iPadOS 14 Security Technical Implementation Guide Version: 1 Release: 2 Benchmark Date: 23 Apr 2021:

Apple iOS/iPadOS must not allow backup to remote systems (managed applications data stored in iCloud).

DISA Rule

SV-228746r619923_rule

Vulnerability Number

V-228746

Group Title

PP-MDF-302220

Rule Version

AIOS-14-004200

Severity

CAT II

CCI(s)

• CCI-000097 - The organization restricts or prohibits the use of organization-controlled portable storage devices by authorized individuals on external information systems.
• CCI-000366 - The organization implements the security configuration settings.
• CCI-000370 - The organization employs automated mechanisms to centrally manage configuration settings for organization-defined information system components.

Weight

10

Fix Recommendation

Install a configuration profile to prevent DoD applications from storing data in iCloud.

Check Contents

Review configuration settings to confirm "Allow managed apps to store data in iCloud" is disabled.

This check procedure is performed on both the Apple iOS/iPadOS management tool and the iPhone and iPad.

Note: If an organization has multiple configuration profiles, the check procedure must be performed on the relevant configuration profiles applicable to the scope of the review.

In the Apple iOS/iPadOS management tool, verify "Allow managed apps to store data in iCloud" is unchecked.

Alternatively, verify the text "<key>allowManagedAppsCloudSync</key> <false/>" appears in the configuration profile (.mobileconfig file).

On the iPhone and iPad:
1. Open the Settings app.
2. Tap "General".
3. Tap "Profiles & Device Management" or "Profiles".
4. Tap the Configuration Profile from the Apple iOS/iPadOS management tool containing the restrictions policy.
5. Tap "Restrictions".
6. Verify "Managed apps cloud sync not allowed" is listed.

If "Allow managed apps to store data in iCloud" is checked in the Apple iOS/iPadOS management tool, "<key>allowManagedAppsCloudSync</key> <true/>" appears in the configuration profile, or the restrictions policy on the iPhone and iPad does not list "Managed apps cloud sync not allowed", this is a finding.

Vulnerability Number

V-228746

Documentable

False

Rule Version

AIOS-14-004200

Severity Override Guidance

Review configuration settings to confirm "Allow managed apps to store data in iCloud" is disabled.

This check procedure is performed on both the Apple iOS/iPadOS management tool and the iPhone and iPad.

Note: If an organization has multiple configuration profiles, the check procedure must be performed on the relevant configuration profiles applicable to the scope of the review.

In the Apple iOS/iPadOS management tool, verify "Allow managed apps to store data in iCloud" is unchecked.

Alternatively, verify the text "<key>allowManagedAppsCloudSync</key> <false/>" appears in the configuration profile (.mobileconfig file).

On the iPhone and iPad:
1. Open the Settings app.
2. Tap "General".
3. Tap "Profiles & Device Management" or "Profiles".
4. Tap the Configuration Profile from the Apple iOS/iPadOS management tool containing the restrictions policy.
5. Tap "Restrictions".
6. Verify "Managed apps cloud sync not allowed" is listed.

If "Allow managed apps to store data in iCloud" is checked in the Apple iOS/iPadOS management tool, "<key>allowManagedAppsCloudSync</key> <true/>" appears in the configuration profile, or the restrictions policy on the iPhone and iPad does not list "Managed apps cloud sync not allowed", this is a finding.

Check Content Reference

M

Target Key

4231

Comments