STIGQter: STIG Summary: Apple iOS/iPadOS 14 Security Technical Implementation Guide, Version: 1, Release: 2, Benchmark Date: 23 Apr 2021

The Apple iOS/iPadOS must be supervised by the MDM.

DISA Rule

SV-228777r619923_rule

Vulnerability Number

V-228777

Group Title

PP-MDF-991000

Rule Version

AIOS-14-011600

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Use one of the following methods to supervise iOS and iPadOS devices managed by the DoD mobile service provider.

Method 1:
- Register all current and new iOS and iPadOS devices in the DoD mobile service provider's Device Enrollment Program (DEP)/Apple Business Manager (ABM) account.
- Enable Supervision of managed iOS/iPadOS devices in the MDM.

Method 2:
- Configure each iOS/iPadOS device using the Apple Configurator tool for Supervision. This method is usually only appropriate when MDM management of the DoD Apple device is not appropriate or an older device cannot be registered in DEP/ABM.

Check Contents

Review configuration settings to confirm site managed iOS/iPadOS devices are supervised.

This check procedure is performed on both the Apple iOS/iPadOS management tool and the iPhone and iPad.

Note: If an organization has multiple configuration profiles, then the check procedure must be performed on the relevant configuration profiles applicable to the scope of the review.

In the iOS management tool, verify all managed Apple devices are supervised (verification procedure will vary by MDM product).

Note: If the Apple device is not managed by an MDM and supervision is set up via Apple Configurator, this procedure is not applicable.

On the iPhone and iPad:
1. Open the Settings app.
2. Verify a message similar to the following appears on the screen: "This iPad is supervised by (name of site DoD mobile service provider)."

If site managed iOS/iPadOS devices are not supervised, this is a finding.

Documentable

False

Severity Override Guidance

Review configuration settings to confirm site managed iOS/iPadOS devices are supervised.

This check procedure is performed on both the Apple iOS/iPadOS management tool and the iPhone and iPad.

Note: If an organization has multiple configuration profiles, then the check procedure must be performed on the relevant configuration profiles applicable to the scope of the review.

In the iOS management tool, verify all managed Apple devices are supervised (verification procedure will vary by MDM product).

Note: If the Apple device is not managed by an MDM and supervision is set up via Apple Configurator, this procedure is not applicable.

On the iPhone and iPad:
1. Open the Settings app.
2. Verify a message similar to the following appears on the screen: "This iPad is supervised by (name of site DoD mobile service provider)."

If site managed iOS/iPadOS devices are not supervised, this is a finding.

Check Content Reference

M

Target Key

4231

Comments