An error occurred:

Check: AIOS-18-016900

Apple iOS/iPadOS 18 STIG: AIOS-18-016900 (in version v1 r4)

Title

Apple iOS/iPadOS 18 must enable AirPrint feature: Disallow AirPrint to destinations with untrusted certificates. (Cat III impact)

Discussion

AirPrint allows the printing of sensitive DOD documents to non-DOD controlled printers, which may lead to the exposure of sensitive DOD information. SFR ID: FMT_MOF_EXT.1.2 #47

Check Content

Review configuration settings to confirm allowing AirPrint to destinations with untrusted certificates is disabled. This is a supervised-only control. If the iPhone or iPad being reviewed is not supervised by the MDM, this control is automatically a finding. Note: This control may not be configurable by some MDM products when "Allow AirPrint" is disabled. If the iPhone or iPad being reviewed is supervised by the MDM, follow these procedures: This check procedure is performed on both the device management tool and the iPhone and iPad device. Note: If an organization has multiple configuration profiles, the check procedure must be performed on the relevant configuration profiles applicable to the scope of the review. In the iOS/iPadOS management tool, verify "Disallow AirPrint to destinations with untrusted certificates" is checked or "Allow AirPrint" is unchecked. On the iPhone/iPad device: 1. Open the Settings app. 2. Tap "General". 3. Tap "VPN & Device Management". 4. Tap the Configuration Profile from the iOS management tool containing the restrictions policy. 5. Tap "Restrictions". 6. Verify "Allow AirPrint to destinations with untrusted certificates" or "AirPrint not allowed" is listed. If "Disallow AirPrint to destinations with untrusted certificates" is disabled or AirPrint is not disabled in the management tool and on the Apple device, this is a finding.

Fix Text

Install a configuration profile to enable "Disallow AirPrint to destinations with untrusted certificates". This is a supervised-only control. Note: This control may not be configurable by some MDM products when "Allow AirPrint" is disabled.

Additional Identifiers

Rule ID: SV-276208r1115693_rule

Vulnerability ID: V-276208

Group Title: PP-MDF-993300

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.
Number Definition
CCI-000366

Implement the security configuration settings.

Controls

Controls tied to check. These are derived from the CCIs shown above.
Number Title
CM-6

Configuration Settings