STIGQter STIGQter: STIG Summary: Apple iOS/iPadOS 14 Security Technical Implementation Guide Version: 1 Release: 2 Benchmark Date: 23 Apr 2021:

Apple iOS/iPadOS must implement the management setting: not have any Family Members in Family Sharing.

DISA Rule

SV-228762r619923_rule

Vulnerability Number

V-228762

Group Title

PP-MDF-991000

Rule Version

AIOS-14-010000

Severity

CAT III

CCI(s)

Weight

10

Fix Recommendation

The user must either remove all members from the Family Group on the iPhone and iPad or associate the device with an Apple ID that is not a member of a Family Group.

Check Contents

Review configuration settings to confirm Family Sharing is disabled. Note that this is a User Based Enforcement (UBE) control, which cannot be managed by an MDM server.

This check procedure is performed on the iPhone and iPad.

On the iPhone and iPad:
1. Open the Settings app.
2. At the top of the screen, if "Sign in to your iPhone" is listed, this requirement has been met.
3. If the user profile is signed into iCloud, tap the user name.
4. Tap "Family Sharing".
5. Verify no accounts are listed other than the "Organizer".

Note: The iPhone and iPad must be connected to the Internet to conduct this validation procedure. Otherwise, the device will display the notice "Family information is not available", in which case it cannot be determined if the configuration is compliant.

If accounts (names or email addresses) are listed under "FAMILY MEMBERS" on the iPhone and iPad, this is a finding.

Note: If the site has implemented DEP (not required), this setting can be managed via the MDM (supervised mode).

Vulnerability Number

V-228762

Documentable

False

Rule Version

AIOS-14-010000

Severity Override Guidance

Review configuration settings to confirm Family Sharing is disabled. Note that this is a User Based Enforcement (UBE) control, which cannot be managed by an MDM server.

This check procedure is performed on the iPhone and iPad.

On the iPhone and iPad:
1. Open the Settings app.
2. At the top of the screen, if "Sign in to your iPhone" is listed, this requirement has been met.
3. If the user profile is signed into iCloud, tap the user name.
4. Tap "Family Sharing".
5. Verify no accounts are listed other than the "Organizer".

Note: The iPhone and iPad must be connected to the Internet to conduct this validation procedure. Otherwise, the device will display the notice "Family information is not available", in which case it cannot be determined if the configuration is compliant.

If accounts (names or email addresses) are listed under "FAMILY MEMBERS" on the iPhone and iPad, this is a finding.

Note: If the site has implemented DEP (not required), this setting can be managed via the MDM (supervised mode).

Check Content Reference

M

Target Key

4231

Comments