Check: AIOS-17-010850
Apple iOS/iPadOS 17 STIG:
AIOS-17-010850
(in version v1 r1)
Title
Apple iOS/iPadOS 17 must implement the management setting: not allow use of iPhone widgets on Mac. (Cat III impact)
Discussion
iPhone widgets on Mac use Handoff. Handoff permits a user of an iPhone and iPad to transition user activities from one device to another. Handoff passes sufficient information between the devices to describe the activity, but app data synchronization associated with the activity is handled though iCloud, which should be disabled on a compliant iPhone and iPad. If a user associates both DOD and personal devices to the same Apple ID, the user may improperly reveal information about the nature of the user's activities on an unprotected device. Disabling Handoff mitigates this risk. SFR ID: FMT_SMF_EXT.1.1 #47
Check Content
Review configuration settings to confirm "Allow iPhone Widget on Mac" is disabled. This a supervised-only control. If the iPhone or iPad being reviewed is not supervised by the MDM, this control is automatically a finding. This check procedure is performed only on the Apple iOS/iPadOS management tool. Note: If an organization has multiple configuration profiles, the check procedure must be performed on the relevant configuration profiles applicable to the scope of the review. In the Apple iOS/iPadOS management tool, verify "iPhone Widget on Mac" is unchecked. If "Allow iPhone Widget on Mac" is checked in the Apple iOS/iPadOS management tool, this is a finding.
Fix Text
Install a configuration profile to disable the installation of iPhone widgets on Mac. This a supervised-only control.
Additional Identifiers
Rule ID: SV-258343r927712_rule
Vulnerability ID: V-258343
Group Title: PP-MDF-993300
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000366 |
The organization implements the security configuration settings. |
CCI-000381 |
The organization configures the information system to provide only essential capabilities. |