STIGQter: STIG Summary: Apple iOS/iPadOS 14 Security Technical Implementation Guide Version: 1 Release: 2 Benchmark Date: 23 Apr 2021:

Apple iOS/iPadOS must require a valid password be successfully entered before the mobile device data is unencrypted.

DISA Rule

SV-228750r619923_rule

Vulnerability Number

V-228750

Group Title

PP-MDF-991000

Rule Version

AIOS-14-008800

Severity

CAT I

CCI(s)

• CCI-001199 - The information system protects the confidentiality and/or integrity of organization-defined information at rest.

Weight

10

Fix Recommendation

Install a configuration profile to require a password to unlock the device.

Check Contents

Review configuration settings to confirm the device is set to require a passcode before use.

This procedure is performed on the iOS and iPadOS device.

On the iPhone and iPad:
1. Open the Settings app.
2. Tap "General".
3. Tap "Profiles & Device Management" or "Profiles".
4. Tap the Configuration Profile from the iOS management tool containing the password policy.
5. Tap "Restrictions".
6. Tap "Passcode".
7. Verify "Passcode required is set to "Yes".

If "Passcode Required" is not set to "Yes", this is a finding.

Vulnerability Number

V-228750

Documentable

False

Rule Version

AIOS-14-008800

Severity Override Guidance

Review configuration settings to confirm the device is set to require a passcode before use.

This procedure is performed on the iOS and iPadOS device.

On the iPhone and iPad:
1. Open the Settings app.
2. Tap "General".
3. Tap "Profiles & Device Management" or "Profiles".
4. Tap the Configuration Profile from the iOS management tool containing the password policy.
5. Tap "Restrictions".
6. Tap "Passcode".
7. Verify "Passcode required is set to "Yes".

If "Passcode Required" is not set to "Yes", this is a finding.

Check Content Reference

M

Target Key

4231

Comments