Check: AIOS-16-014800
Apple iOS/iPadOS 16 STIG:
AIOS-16-014800
(in version v1 r1)
Title
Apple iOS/iPadOS 16 must be configured to disable Auto Unlock of the iPhone by an Apple Watch. (Cat II impact)
Discussion
Auto Unlock allows an Apple Watch to automatically unlock an iPhone or Mac when in close proximity (not available for iPad). This feature allows the iPhone/Mac to be unlocked without the user entering the device passcode, which may lead to unauthorized users access to the iPhone/Mac and sensitive DoD data. This control is not applicable if the authorizing official (AO) has approved the use of Apple Watches. SFR ID: FMT_MOF_EXT.1.2 #47
Check Content
Determine if the site AO has approved the use of Apple Watch with DoD-owned iPhones. Look for a document showing approval. If not approved, review configuration settings to confirm "Allow Auto Unlock" is disabled. If approved, this requirement is not applicable. This check procedure is performed on the device management tool. Note: If an organization has multiple configuration profiles, the check procedure must be performed on the relevant configuration profiles applicable to the scope of the review. In the iOS management tool, verify "Allow auto unlock" is not checked. If Allow auto unlock is enabled, this is a finding.
Fix Text
If the AO has not approved the use of Apple Watch with DoD-owned iPhones, configure the Apple iOS configuration profile to disable "Allow auto unlock". The procedure for implementing this control will vary depending on the MDM/EMM used by the mobile service provider. In the MDM console, set "Allow auto unlock" to "False".
Additional Identifiers
Rule ID: SV-254641r862236_rule
Vulnerability ID: V-254641
Group Title: PP-MDF-990000
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000767 |
The information system implements multifactor authentication for local access to privileged accounts. |
CCI-002235 |
The information system prevents non-privileged users from executing privileged functions to include disabling, circumventing, or altering implemented security safeguards/countermeasures. |