Check: AIOS-17-012650
Apple iOS/iPadOS 17 STIG:
AIOS-17-012650
(in version v1 r1)
Title
Apple iOS/iPadOS 17 must implement the management setting: approved Apple Watches must be managed by an MDM. (Cat II impact)
Discussion
Authorizing official (AO) approval is required before an Apple Watch (DOD owned or personally owned) can be paired with a DOD-owned iPhone to ensure the AO has evaluated the risk in having sensitive DOD data transferred to and stored on an Apple Watch in their operational environment. SFR ID: FMT_SMF_EXT.1.1 #47
Check Content
Determine if the site AO has approved the use of Apple Watch with DOD-owned iPhones. Look for a document showing approval. If not approved, this requirement is not applicable. If approved, verify on the MDM server that the Apple Watch is being managed by the MDM. Have the MDM system administrator show that the Apple Watch is being managed by the MDM. If the AO has approved pairing an Apple Watch with a DOD-owned iPhone and the Apple Watch is not being managed by the site MDM server, this is a finding. Note: The iPhone paired to the Apple Watch must be supervised for the MDM to manage the Apple Watch.
Fix Text
If the AO has not approved the use of Apple Watch with DOD-owned iPhones, this requirement is not applicable. If the AO has approved the use of Apple Watch with DOD-owned iPhones, enroll the Apple Watch in MDM management. Note: The iPhone paired to the Apple Watch must be supervised for the MDM to manage the Apple Watch.
Additional Identifiers
Rule ID: SV-258361r927766_rule
Vulnerability ID: V-258361
Group Title: PP-MDF-993300
Expert Comments
CCIs
| Number | Definition |
|---|---|
| CCI-000097 |
The organization restricts or prohibits the use of organization-controlled portable storage devices by authorized individuals on external information systems. |
| CCI-000366 |
The organization implements the security configuration settings. |