U Apple iOS-iPadOS 17 BYOAD V1R1

UNCLASSIFIED
Group Title
PP-BYO-000120
Group ID
V-259752
Rule Version
AIOS-17-800120
Rule Title
The iOS/iPadOS 17 BYOAD must be configured to protect users' privacy, personal information, and applications.
Rule ID
SV-259752r943581_rule
Rule Severity
Low
Rule Weight
10.0
Vuln Discussion

A key construct of a BYOAD is that user personal information and data are protected from exposure to the enterprise.

Reference: DOD policy "Use of Non-Government Mobile Devices". 3.b.(4), 3.b.(5).

SFR ID: FMT_SMF_EXT.1.1 #47

Documentable
False
Check Content

Verify the EMM system has been configured to limit access to unmanaged data and apps on the iOS/iPadOS 17 BYOAD to protect users' privacy, personal information, and applications.

The exact procedure will depend on the EMM system used at the site.

If the BYOAD has not been configured to limit access to unmanaged data and apps on the iOS/iPadOS 17 BYOAD, this is a finding.

Check System
C-63488r943579_chk
Fix Reference
F-63395r943580_fix
Fix Text

Configure the EMM system to limit access to unmanaged data and apps on the iOS/iPadOS 17 BYOAD to protect users' privacy, personal information, and applications.

The exact procedure will depend on the EMM system used at the site.

Identities
CCI-000366

Implement the security configuration settings.

  • 800-53 :: CM-6 b
  • 800-53 Rev. 4 :: CM-6 b
  • 800-53 Rev. 5 :: CM-6 b
  • 800-53A :: CM-6.1 (iv)
Group Title
PP-BYO-000130
Group ID
V-259753
Rule Version
AIOS-17-800130
Rule Title
The EMM system supporting the iOS/iPadOS 17 BYOAD must be configured to only wipe managed data and apps and not unmanaged data and apps when the user's access is revoked or terminated, the user no longer has the need to access DOD data or IT, or the user reports a registered device as lost, stolen, or showing indicators of compromise.
Rule ID
SV-259753r943584_rule
Rule Severity
Low
Rule Weight
10.0
Vuln Discussion

DOD policy requires the protection and privacy of personal data and activities to the maximum extent possible on BYOADs.

Reference: DOD policy "Use of Non-Government Mobile Devices". 3.b.(5).

SFR ID: FMT_SMF_EXT.1.1 #47

Documentable
False
Check Content

Verify the EMM system administrators supporting the iOS/iPadOS 17 BYOAD have been trained to only wipe managed data and apps when the user's access is revoked or terminated, the user no longer has the need to access DOD data or IT, or the user reports a registered device as lost, stolen, or showing indicators of compromise.

If the EMM system administrators supporting the iOS/iPadOS 17 BYOAD have not been trained to only wipe managed data and apps, this is a finding.

Check System
C-63489r943582_chk
Fix Reference
F-63396r943583_fix
Fix Text

Train EMM system administrators supporting the iOS/iPadOS 17 BYOAD to only wipe managed data and apps when the user's access is revoked or terminated, the user no longer has the need to access DOD data or IT, or the user reports a registered device as lost, stolen, or showing indicators of compromise.

Identities
CCI-000366

Implement the security configuration settings.

  • 800-53 :: CM-6 b
  • 800-53 Rev. 4 :: CM-6 b
  • 800-53 Rev. 5 :: CM-6 b
  • 800-53A :: CM-6.1 (iv)
Group Title
PP-BYO-000210
Group ID
V-259756
Rule Version
AIOS-17-800210
Rule Title
The User Agreement must include a description of what personal data and information is being monitored, collected, or managed by the EMM system or deployed agents or tools.
Rule ID
SV-259756r943593_rule
Rule Severity
Low
Rule Weight
10.0
Vuln Discussion

DOD policy states BYOAD owners must sign a user agreement and be made aware of what personal data and activities will be monitored by the enterprise by including this information in the user agreement.

Reference: DOD policy "Use of Non-Government Mobile Devices" 3.a.(3)ii, and 3.c.(4).

SFR ID: FMT_SMF_EXT.1.1 #47

Documentable
False
Check Content

Verify the user agreement includes a description of what personal data and information is being monitored, collected, or managed by the EMM system or deployed agents or tools.

If the user agreement does not include a description of what personal data and information is being monitored, collected, or managed by the EMM system or deployed agents or tools, this is a finding.

Check System
C-63492r943591_chk
Fix Reference
F-63399r943592_fix
Fix Text

Include a description in the user agreement of what personal data and information is being monitored, collected, or managed by the EMM system or deployed agents or tools.

Identities
CCI-000366

Implement the security configuration settings.

  • 800-53 :: CM-6 b
  • 800-53 Rev. 4 :: CM-6 b
  • 800-53 Rev. 5 :: CM-6 b
  • 800-53A :: CM-6.1 (iv)