An error occurred:

Check: AIOS-17-011600

Apple iOS/iPadOS 17 STIG: AIOS-17-011600 (in version v1 r1)

Title

Apple iOS/iPadOS 17 must implement the management setting: not have any Family Members in Family Sharing. (Cat III impact)

Discussion

Apple's Family Sharing service allows Apple iOS/iPadOS users to create a Family Group whose members have several shared capabilities, including the ability to lock, wipe, play a sound on, or locate the iPhone and iPads of other members. Each member of the group must be invited to the group and accept that invitation. A DOD user's iPhone and iPad may be inadvertently or maliciously wiped by another member of the Family Group. This poses a risk that the user could be without a mobile device for a period of time or lose sensitive information that has not been backed up to other storage media. Configuring iPhone and iPads so their associated Apple IDs are not members of Family Groups mitigates this risk. Note: If the site uses Apple's optional Automatic Device Enrollment, this control is available as a supervised MDM control. SFR ID: FMT_SMF_EXT.1.1 #47

Check Content

Review configuration settings to confirm Family Sharing is disabled. Note that this is a User-Based Enforcement (UBE) control, which cannot be managed by an MDM server. This check procedure is performed on the iPhone and iPad. On the iPhone and iPad: 1. Open the Settings app. 2. At the top of the screen, if "Sign in to your iPhone" is listed, this requirement has been met. 3. If the user profile is signed into iCloud, tap the user name. 4. Tap "Family Sharing". 5. Verify no accounts are listed other than the "Organizer". Note: The iPhone and iPad must be connected to the internet to conduct this validation procedure. Otherwise, the device will display the notice "Family information is not available", in which case configuration compliance cannot be determined. If accounts (names or email addresses) are listed under "FAMILY MEMBERS" on the iPhone and iPad, this is a finding.

Fix Text

The user must either remove all members from the Family Group on the iPhone and iPad or associate the device with an Apple ID that is not a member of a Family Group.

Additional Identifiers

Rule ID: SV-258351r927736_rule

Vulnerability ID: V-258351

Group Title: PP-MDF-993300

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.
Number Definition
CCI-000366

The organization implements the security configuration settings.
CCI-002008

The organization, for PKI-based authentication, employs a deliberate organization-wide methodology for managing the content of PKI trust stores installed across all platforms including networks, operating systems, browsers, and applications.

Controls

Controls tied to check. These are derived from the CCIs shown above.
Number Title
CM-6

Configuration Settings
IA-5 (14)

Managing Content Of Pki Trust Stores