STIGQter: STIG Summary: Apple iOS 12 Security Technical Implementation Guide Version: 1 Release: 2 Benchmark Date: 25 Jan 2019:

Apple iOS must implement the management setting: not share location data through iCloud.

DISA Rule

SV-96547r1_rule

Vulnerability Number

V-81833

Group Title

PP-MDF-991000

Rule Version

AIOS-12-011900

Severity

CAT II

CCI(s)

• CCI-000048 - The information system displays an organization-defined system use notification message or banner before granting access to the system that provides privacy and security notices consistent with applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance.

Weight

10

Fix Recommendation

The user must configure Apple iOS to disable location sharing through iCloud.

Check Contents

Review configuration settings to confirm "Share My Location" is disabled. Note that this is a User based Enforcement (UBE) control, which cannot be managed by an MDM server.

This check procedure is performed on the Apple iOS device only.

On the Apple iOS device:
1. Open the Settings app.
2. Tap "Privacy".
3. Tap "Location Services".
4. Tap "Share My Location".
5. Verify "Share My Location" is off.

If "Share My Location" is toggled to the right and appears green on the Apple iOS device, this is a finding.

Vulnerability Number

V-81833

Documentable

False

Rule Version

AIOS-12-011900

Severity Override Guidance

Review configuration settings to confirm "Share My Location" is disabled. Note that this is a User based Enforcement (UBE) control, which cannot be managed by an MDM server.

This check procedure is performed on the Apple iOS device only.

On the Apple iOS device:
1. Open the Settings app.
2. Tap "Privacy".
3. Tap "Location Services".
4. Tap "Share My Location".
5. Verify "Share My Location" is off.

If "Share My Location" is toggled to the right and appears green on the Apple iOS device, this is a finding.

Check Content Reference

M

Target Key

3401

Comments