STIGQter: STIG Summary: Apple iOS 12 Security Technical Implementation Guide Version: 1 Release: 2 Benchmark Date: 25 Jan 2019:

Apple iOS must be configured to enforce an application installation policy by specifying one or more authorized application repositories, including [selection: Apple App Store].

DISA Rule

SV-96479r1_rule

Vulnerability Number

V-81765

Group Title

PP-MDF-301080

Rule Version

AIOS-12-001000

Severity

CAT II

CCI(s)

• CCI-000068 - The information system implements cryptographic mechanisms to protect the confidentiality of remote access sessions.

Weight

10

Fix Recommendation

Install a configuration profile to disable "Allow Trusting New Enterprise App Authors".

Check Contents

Review configuration settings to confirm "Allow Trusting New Enterprise App Authors" restriction is disabled.

This procedure is performed in the Apple iOS management tool and on the Apple iOS device.

Note: If an organization has multiple configuration profiles, the check procedure must be performed on the relevant configuration profiles applicable to the scope of the review.

In the Management tool, verify the "Allow Trusting New Enterprise App Authors" is disabled.

On the Apple iOS device:
1. Open the Settings app.
2. Tap "General".
3. Tap "Profiles & Device Management".
4. Tap the Configuration Profile from the Apple iOS management tool containing the password policy.
5. Tap "Restrictions".
6. Verify "Trusting enterprise apps not allowed" is listed.

If the "Allow Trusting New Enterprise App Authors" is not disabled in the iOS management tool or on the Apple iOS device, this is a finding.

Vulnerability Number

V-81765

Documentable

False

Rule Version

AIOS-12-001000

Severity Override Guidance

Review configuration settings to confirm "Allow Trusting New Enterprise App Authors" restriction is disabled.

This procedure is performed in the Apple iOS management tool and on the Apple iOS device.

Note: If an organization has multiple configuration profiles, the check procedure must be performed on the relevant configuration profiles applicable to the scope of the review.

In the Management tool, verify the "Allow Trusting New Enterprise App Authors" is disabled.

On the Apple iOS device:
1. Open the Settings app.
2. Tap "General".
3. Tap "Profiles & Device Management".
4. Tap the Configuration Profile from the Apple iOS management tool containing the password policy.
5. Tap "Restrictions".
6. Verify "Trusting enterprise apps not allowed" is listed.

If the "Allow Trusting New Enterprise App Authors" is not disabled in the iOS management tool or on the Apple iOS device, this is a finding.

Check Content Reference

M

Target Key

3401

Comments