U Apple iOS-iPadOS 16 V2R1


UNCLASSIFIED
Group Title
PP-MDF-990000
Group ID
V-254606
Rule Version
AIOS-16-010400
Rule Title
Apple iOS/iPadOS 16 must require a valid password be successfully entered before the mobile device data is unencrypted.
Rule ID
SV-254606r959010_rule
Rule Severity
High
Rule Weight
10.0
Vuln Discussion

Passwords provide a form of access control that prevents unauthorized individuals from accessing computing resources and sensitive data. Passwords may also be a source of entropy for generation of key encryption or data encryption keys. If a password is not required to access data, this data is accessible to any adversary who obtains physical possession of the device. Requiring that a password be successfully entered before the mobile device data is unencrypted mitigates this risk.

Note: MDF PP v2.0 requires a Password Authentication Factor and requires management of its length and complexity. It leaves open whether the existence of a password is subject to management. This requirement addresses the configuration to require a password, which is critical to the cybersecurity posture of the device.

SFR ID: FIA_UAU_EXT.1.1

Documentable
False
Check Content

Review configuration settings to confirm the device is set to require a passcode before use.

This procedure is performed on the iOS and iPadOS device.

On the iPhone and iPad:

1. Open the Settings app.

2. Tap "General".

3. Tap "Profiles & Device Management" or "Profiles".

4. Tap the Configuration Profile from the iOS management tool containing the password policy.

5. Tap "Restrictions".

6. Tap "Passcode".

7. Verify "Passcode required" is set to "Yes".

If "Passcode required" is not set to "Yes", this is a finding.

Check System
C-58217r862072_chk
Fix Reference
F-58163r862073_fix
Fix Text

Install a configuration profile to require a password to unlock the device.
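
Added example (not part of the STIG text or of any MDM product): a pre-deployment check that an unsigned configuration profile carries a passcode policy payload that requires a passcode. It assumes the "Passcode required" value shown on the device corresponds to the `forcePIN` key of Apple's `com.apple.mobiledevice.passwordpolicy` payload; the function names and the sample profile are constructed for illustration.

```python
import plistlib

# Apple's passcode policy payload type and its "require a passcode" key.
PASSCODE_PAYLOAD = "com.apple.mobiledevice.passwordpolicy"
REQUIRED_KEY = "forcePIN"


def passcode_findings(profile_bytes):
    """Return finding strings; an empty list means every passcode payload requires a passcode."""
    try:
        profile = plistlib.loads(profile_bytes)
    except Exception:
        # Signed (CMS-wrapped) profiles are not plain plists and must be unwrapped first.
        return ["profile is not a readable plist"]
    if not isinstance(profile, dict):
        return ["profile root is not a dictionary"]
    payloads = [p for p in profile.get("PayloadContent", [])
                if isinstance(p, dict) and p.get("PayloadType") == PASSCODE_PAYLOAD]
    if not payloads:
        return ["no passcode policy payload present"]
    findings = []
    for p in payloads:
        # A missing key counts as a finding: the requirement must be set explicitly.
        if p.get(REQUIRED_KEY) is not True:
            ident = p.get("PayloadIdentifier", "<no identifier>")
            findings.append(f"{ident}: {REQUIRED_KEY} is not true")
    return findings


def sample_profile(force_pin=None, include_payload=True):
    """Build a constructed (not real) unsigned profile for demonstration."""
    content = []
    if include_payload:
        payload = {"PayloadType": PASSCODE_PAYLOAD,
                   "PayloadIdentifier": "example.constructed.passcode",
                   "PayloadVersion": 1}
        if force_pin is not None:
            payload[REQUIRED_KEY] = force_pin
        content.append(payload)
    return plistlib.dumps({"PayloadType": "Configuration",
                           "PayloadIdentifier": "example.constructed.profile",
                           "PayloadVersion": 1,
                           "PayloadContent": content})


if __name__ == "__main__":
    for label, data in [("compliant", sample_profile(True)),
                        ("weak", sample_profile(False)),
                        ("no payload", sample_profile(include_payload=False))]:
        print(label, "->", passcode_findings(data) or "no findings")
```

A clean result here only covers the profile file; the on-device check above still confirms the profile is installed and in effect.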

Identities
CCI-001199

Protects the confidentiality and/or integrity of organization-defined information at rest.

  • 800-53 :: SC-28
  • 800-53 Rev. 4 :: SC-28
  • 800-53 Rev. 5 :: SC-28
  • 800-53A :: SC-28.1
Group Title
PP-MDF-990000
Group ID
V-254614
Rule Version
AIOS-16-011200
Rule Title
iPhone and iPad must have the latest available iOS/iPadOS operating system installed.
Rule ID
SV-254614r959010_rule
Rule Severity
High
Rule Weight
10.0
Vuln Discussion

Required security features are not available in earlier OS versions. In addition, earlier versions may have known vulnerabilities.

SFR ID: FMT_SMF_EXT.1.1 #47

Documentable
False
Check Content

Review configuration settings to confirm the most recently released version of iOS is installed.

This validation procedure is performed on both the Apple iOS/iPadOS management tool and the iPhone and iPad. Go to https://www.apple.com and determine the most current version of iOS released by Apple.

In the MDM management console, review the version of iOS installed on a sample of managed devices. This procedure will vary depending on the MDM product.

On the iPhone and iPad:

1. Open the Settings app.

2. Tap "General".

3. Tap "About" and view the installed version of iOS.

4. Go back to the "General" screen. Tap "Software Update" and verify the following message is shown on the screen: "Your software is up to date."

If the installed version of iOS on any reviewed iOS/iPadOS devices is not the latest released by Apple, this is a finding.

Check System
C-58225r862096_chk
Fix Reference
F-58171r862097_fix
Fix Text

Install the latest release version of Apple iOS/iPadOS on all managed iOS devices.

Identities
CCI-000366

Implement the security configuration settings.

  • 800-53 :: CM-6 b
  • 800-53 Rev. 4 :: CM-6 b
  • 800-53 Rev. 5 :: CM-6 b
  • 800-53A :: CM-6.1 (iv)
CCI-000370

Manage configuration settings for organization-defined system components using organization-defined automated mechanisms.

  • 800-53 :: CM-6 (1)
  • 800-53 Rev. 4 :: CM-6 (1)
  • 800-53 Rev. 5 :: CM-6 (1)
  • 800-53A :: CM-6 (1).1
CCI-000381

Configure the system to provide only organization-defined mission essential capabilities.

  • 800-53 :: CM-7
  • 800-53 Rev. 4 :: CM-7 a
  • 800-53 Rev. 5 :: CM-7 a
  • 800-53A :: CM-7.1 (ii)