Check: AIOS-16-014400
Apple iOS/iPadOS 16 STIG:
AIOS-16-014400
(in version v1 r1)
Title
Apple iOS/iPadOS 16 must disable connections to Siri servers for the purpose of dictation. (Cat II impact)
Discussion
If a user is able to configure the security setting, the user could inadvertently or maliciously set it to a value that poses unacceptable risk to DoD information systems. An adversary could exploit vulnerabilities created by the weaker configuration to compromise DoD sensitive information. Dictation information could contain sensitive DoD information and therefore should not leave the DoD control. SFR ID: FMT_SMF_EXT.1.1 #47
Check Content
If the iPhone or iPad being reviewed is supervised by the MDM, review configuration settings to confirm "Disable connections to Siri servers for the purpose of dictation" is disabled. This check procedure is performed on the device management tool. Note: If an organization has multiple configuration profiles, the check procedure must be performed on the relevant configuration profiles applicable to the scope of the review. In the iOS management tool, verify "Disable connections to Siri servers for the purpose of dictation" is checked. If connections to Siri servers are not disabled for dictation, this is a finding.
Fix Text
Configure the Apple iOS configuration profile to disable connections to Siri servers for the purpose of dictation. This a supervised-only control. The procedure for implementing this control will vary depending on the MDM/EMM used by the mobile service provider. In the MDM console, select "disable connections to Siri servers for the purpose of dictation".
Additional Identifiers
Rule ID: SV-254638r862230_rule
Vulnerability ID: V-254638
Group Title: PP-MDF-990000
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000097 |
The organization restricts or prohibits the use of organization-controlled portable storage devices by authorized individuals on external information systems. |
CCI-000366 |
The organization implements the security configuration settings. |
CCI-000370 |
The organization employs automated mechanisms to centrally manage configuration settings for organization-defined information system components. |