CCI-000068 in U Apple iOS-iPadOS 18 V1R1

ℹ️ The items you can view are limited because you do not have a subscription. Contact us at [email protected] to purchase one.

UNCLASSIFIED
Group Title
PP-MDF-331090
Group ID
V-267937
Rule Version
AIOS-18-001000
Rule Title
Apple iOS/iPadOS 18 must allow the administrator (MDM) to perform the following management function: enable/disable VPN protection across the device and [selection: on a per-app basis, on a per-group of applications processes basis].
Rule ID
SV-267937r1031117_rule
Rule Severity
Low
Rule Weight
10.0
Vuln Discussion

The system administrator must have the capability to configure VPN access to meet organization-specific policies based on mission needs. Otherwise, a user could inadvertently or maliciously set up a VPN and connect to a network that poses unacceptable risk to DOD information systems. An adversary could exploit vulnerabilities created by the weaker configuration to compromise DOD sensitive information.

SFRID: FMT_SMF.1.1 #3

Documentable
False
Check Content

Review the list of unmanaged apps installed on the iPhone and iPad and determine if any unmanaged third-party VPN clients are installed. If so, verify the VPN app is not configured with a DOD network (work) VPN profile.

This validation procedure is performed on the iOS device only.

On the iPhone and iPad:

1. Open the Settings app.

2. Tap "General".

3. Tap the "VPN and Device Management" line and determine if any "Personal VPN" exists.

4. If not, the requirement has been met.

5. If there are personal VPNs, open each VPN app. Review the list of VPN profiles configured on the VPN client.

6. Verify no DOD network VPN profiles are configured on the VPN client.

If any third-party unmanaged VPN apps are installed (personal VPN) and they have a DOD network VPN profile configured on the client, this is a finding.

Note: This setting cannot be managed by the MDM administrator and is a User-Based Enforcement (UBE) requirement.

Check System
C-71861r1030562_chk
Fix Reference
F-71764r1030563_fix
Fix Text

If a third-party unmanaged VPN app is installed on the iOS 18 device, do not configure the VPN app with a DOD network VPN profile.

Identities
CCI-000068

Implement cryptographic mechanisms to protect the confidentiality of remote access sessions.

  • 800-53 :: AC-17 (2)
  • 800-53 Rev. 4 :: AC-17 (2)
  • 800-53 Rev. 5 :: AC-17 (2)
  • 800-53A :: AC-17 (2).1
CCI-000370

Manage configuration settings for organization-defined system components using organization-defined automated mechanisms.

  • 800-53 :: CM-6 (1)
  • 800-53 Rev. 4 :: CM-6 (1)
  • 800-53 Rev. 5 :: CM-6 (1)
  • 800-53A :: CM-6 (1).1
UNCLASSIFIED