STIGQter: STIG Summary: Apple iOS/iPadOS 14 Security Technical Implementation Guide Version: 1 Release: 2 Benchmark Date: 23 Apr 2021:

Apple iOS/iPadOS must implement the management setting: not share location data through iCloud.

DISA Rule

SV-228763r619923_rule

Vulnerability Number

V-228763

Group Title

PP-MDF-991000

Rule Version

AIOS-14-010100

Severity

CAT II

CCI(s)

• CCI-000048 - The information system displays an organization-defined system use notification message or banner before granting access to the system that provides privacy and security notices consistent with applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance.

Weight

10

Fix Recommendation

The user must configure Apple iOS/iPadOS to disable location sharing through iCloud.

Check Contents

Review configuration settings to confirm "Share My Location" is disabled. Note that this is a User Based Enforcement (UBE) control, which cannot be managed by an MDM server.

This check procedure is performed on the iPhone and iPad only.

On the iPhone and iPad:
1. Open the Settings app.
2. Tap "Privacy".
3. Tap "Location Services".
4. If the AO has not approved use of personal iCloud accounts on the device, verify "Share My Location" is grayed-out (cannot be selected).
5. If the AO has approved the use of personal iCloud accounts on the device, tap "Share My Location".
6. Verify "Share My Location" is off.

If "Share My Location" is not grayed-out (cannot be selected) when the AO has not approved use of personal iCloud accounts on the device, this is a finding.

If "Share My Location" is toggled to the right and appears green on the iPhone and iPad when the AO has approved the use of personal iCloud accounts, this is a finding.

Vulnerability Number

V-228763

Documentable

False

Rule Version

AIOS-14-010100

Severity Override Guidance

Review configuration settings to confirm "Share My Location" is disabled. Note that this is a User Based Enforcement (UBE) control, which cannot be managed by an MDM server.

This check procedure is performed on the iPhone and iPad only.

On the iPhone and iPad:
1. Open the Settings app.
2. Tap "Privacy".
3. Tap "Location Services".
4. If the AO has not approved use of personal iCloud accounts on the device, verify "Share My Location" is grayed-out (cannot be selected).
5. If the AO has approved the use of personal iCloud accounts on the device, tap "Share My Location".
6. Verify "Share My Location" is off.

If "Share My Location" is not grayed-out (cannot be selected) when the AO has not approved use of personal iCloud accounts on the device, this is a finding.

If "Share My Location" is toggled to the right and appears green on the iPhone and iPad when the AO has approved the use of personal iCloud accounts, this is a finding.

Check Content Reference

M

Target Key

4231

Comments