An error occurred:

Check: AIOS-17-013300

Apple iOS/iPadOS 17 STIG: AIOS-17-013300 (in version v1 r1)

Title

Apple iOS/iPadOS 17 must disable "Allow USB drive access in Files app" if the authorizing official (AO) has not approved the use of DOD-approved USB storage drives with iOS/iPadOS devices. (Cat II impact)

Discussion

Unauthorized use of USB storage drives could lead to the introduction of malware or unauthorized software into the DOD IT infrastructure and compromise of sensitive DOD information and systems. SFR ID: FMT_SMF_EXT.1.1 #47

Check Content

This requirement is not applicable if the AO has approved the use of USB drives to load files to Apple devices. The approval must be in writing and include which USB storage devices are approved for use. If the AO has not approved the use of USB drives to load files to Apple devices, use the following procedures to verify compliance. This a supervised-only control. If the iPhone or iPad being reviewed is not supervised by the MDM, this control is automatically a finding. If the iPhone or iPad being reviewed is supervised by the MDM, review configuration settings to confirm "Allow USB drive access in Files app" is disabled. This check procedure is performed on both the device management tool and the iPhone and iPad. Note: If an organization has multiple configuration profiles, the check procedure must be performed on the relevant configuration profiles applicable to the scope of the review. In the iOS management tool, verify "Allow USB drive access in Files app" is unchecked. On the iPhone and iPad device: 1. Open the Settings app. 2. Tap "General". 3. Tap "VPN & Device Management". 4. Tap the Configuration Profile from the iOS management tool containing the restrictions policy. 5. Tap "Restrictions". 6. Verify "USB drives not accessible in Files app" is listed. If "Allow USB drive access in Files app" is not disabled in the management tool and "USB drives not accessible in Files app" is not listed in the Restrictions profile on the Apple device, this is a finding.

Fix Text

If the AO has not approved the use of USB drives to load files to Apple devices, install a configuration profile to disable "Allow USB drive access in Files app".

Additional Identifiers

Rule ID: SV-259193r935549_rule

Vulnerability ID: V-259193

Group Title: PP-MDF-333240

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.
Number Definition
CCI-000097

The organization restricts or prohibits the use of organization-controlled portable storage devices by authorized individuals on external information systems.
CCI-000366

The organization implements the security configuration settings.

Controls

Controls tied to check. These are derived from the CCIs shown above.
Number Title
AC-20 (2)

Portable Storage Devices
CM-6

Configuration Settings