An error occurred:

Check: AIOS-26-016300

Apple iOS/iPadOS 26 STIG: AIOS-26-016300 (in version v1 r2)

Title

Apple iOS/iPadOS 26 must disable the use voice assistant (Siri suggestions) unless required to meet Section 508 compliance requirements. (Cat III impact)

Discussion

The use of voice assistants could expose sensitive DOD data to cloud-based servers during the processing of assistant requests. SFR ID: FMT_MOF_EXT.1.2 #47

Check Content

Review configuration settings to confirm it is disabled. Exception - Siri allowed to meet Section 508 compliance requirements. Note: This control may not be configurable by some MDM products when "Allow Siri" is disabled. This is a supervised-only control. If the iPhone or iPad being reviewed is not supervised by the MDM, this control is automatically a finding. If the iPhone or iPad being reviewed is supervised by the MDM, follow these procedures: This check procedure is performed on both the device management tool and the iPhone and iPad device. Note: If an organization has multiple configuration profiles, the check procedure must be performed on the relevant configuration profiles applicable to the scope of the review. In the iOS/iPadOS management tool, verify "Allow Siri Suggestions" or "Allow Siri" is unchecked. On the iPhone/iPad device: 1. Open the Settings app. 2. Tap "General". 3. Tap "VPN & Device Management". 4. Tap the Configuration Profile from the iOS management tool containing the restrictions policy. 5. Tap "Restrictions". 6. Verify "Siri Suggestions not allowed" or "Siri not allowed" is listed. If "Siri Suggestions" is not disabled or Siri is not disabled in the management tool and on the Apple device, this is a finding.

Fix Text

Install a configuration profile to disable "Allow Siri Suggestions", unless required to meet Section 508 compliance requirements. This is a supervised-only control. Note: This control may not be configurable by some MDM products when "Allow Siri" is disabled. Configuration Profile Key:allowSpotlightInternetResults

Additional Identifiers

Rule ID: SV-278835r1151205_rule

Vulnerability ID: V-278835

Group Title: PP-MDF-993300

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.
Number Definition
CCI-000366

Implement the security configuration settings.

Controls

Controls tied to check. These are derived from the CCIs shown above.
Number Title
CM-6

Configuration Settings