STIGQter: STIG Summary: Apple iOS 12 Security Technical Implementation Guide Version: 1 Release: 2 Benchmark Date: 25 Jan 2019:

Apple iOS must require a valid password be successfully entered before the mobile device data is unencrypted.

DISA Rule

SV-96521r1_rule

Vulnerability Number

V-81807

Group Title

PP-MDF-991000

Rule Version

AIOS-12-010500

Severity

CAT I

CCI(s)

• CCI-001199 - The information system protects the confidentiality and/or integrity of organization-defined information at rest.

Weight

10

Fix Recommendation

Install a configuration profile to require a password to unlock the device.

Check Contents

Review configuration settings to confirm the device is set to require a passcode before use.

This procedure is performed on the iOS device.

On the Apple iOS device:
1. Open the Settings app.
2. Tap "General".
3. Tap "Profiles & Device Management".
4. Tap the Configuration Profile from the iOS management tool containing the password policy.
5. Tap "Restrictions".
6. Verify "Passcode" under PASSWORD POLICY is listed.

If "Passcode" is not listed, this is a finding.

Vulnerability Number

V-81807

Documentable

False

Rule Version

AIOS-12-010500

Severity Override Guidance

Review configuration settings to confirm the device is set to require a passcode before use.

This procedure is performed on the iOS device.

On the Apple iOS device:
1. Open the Settings app.
2. Tap "General".
3. Tap "Profiles & Device Management".
4. Tap the Configuration Profile from the iOS management tool containing the password policy.
5. Tap "Restrictions".
6. Verify "Passcode" under PASSWORD POLICY is listed.

If "Passcode" is not listed, this is a finding.

Check Content Reference

M

Target Key

3401

Comments