STIGQter: STIG Summary: Apple iOS 12 Security Technical Implementation Guide, Version: 1, Release: 2, Benchmark Date: 25 Jan 2019

If an unmanaged third-party VPN client is installed on the iOS device, it must not be configured with a DoD network (work) VPN profile.

DISA Rule

SV-96477r1_rule

Vulnerability Number

V-81763

Group Title

PP-MDF-301060

Rule Version

AIOS-12-000800

Severity

CAT III

CCI(s)

Weight

10

Fix Recommendation

If a third-party unmanaged VPN app is installed on the iOS 12 device, do not configure the VPN app with a DoD network VPN profile.

Check Contents

Review the list of unmanaged apps installed on the iOS device and determine if any third-party VPN clients are installed. If yes, verify the VPN app is not configured with a DoD network (work) VPN profile.

This validation procedure is performed on the iOS device only.

On the iOS device, do the following:
1. Under Settings > VPN, look to see if any "Personal VPN" exists.
2. If no, the requirement has been met.
3. If yes, open each VPN app in turn. Review the list of VPN profiles configured on the VPN client.
4. Verify there are no DoD network VPN profiles configured on the VPN client.

If any third-party unmanaged VPN app (personal VPN) is installed and has a DoD network VPN profile configured on the client, this is a finding.

Note: This setting cannot be managed by the MDM administrator and is a User Based Enforcement (UBE) requirement.

Vulnerability Number

V-81763

Documentable

False

Rule Version

AIOS-12-000800

Severity Override Guidance

Review the list of unmanaged apps installed on the iOS device and determine if any third-party VPN clients are installed. If yes, verify the VPN app is not configured with a DoD network (work) VPN profile.

This validation procedure is performed on the iOS device only.

On the iOS device, do the following:
1. Under Settings > VPN, look to see if any "Personal VPN" exists.
2. If no, the requirement has been met.
3. If yes, open each VPN app in turn. Review the list of VPN profiles configured on the VPN client.
4. Verify there are no DoD network VPN profiles configured on the VPN client.

If any third-party unmanaged VPN app (personal VPN) is installed and has a DoD network VPN profile configured on the client, this is a finding.

Note: This setting cannot be managed by the MDM administrator and is a User Based Enforcement (UBE) requirement.

Check Content Reference

M

Target Key

3401

Comments