An error occurred:

Apple iOS 10 STIG Version Comparison

Apple iOS 10 Security Technical Implementation Guide

Comparison

There are 1 differences between versions v1 r1 (Oct. 19, 2016) (the "left" version) and v1 r3 (April 28, 2017) (the "right" version).

Check AIOS-98-080028 was removed from the benchmark in the "right" version. The text below reflects the old wording.

This check's original form is available here.

Text Differences

Title

Apple iOS must enforce an application installation policy by specifying an application whitelist.

Check Content

Review configuration settings to confirm approved apps are included on the whitelist. This check procedure is performed on both the Apple iOS management tool and the Apple iOS device. In the MDM management console, verify the approved apps are included in the list of whitelisted applications. This procedure will vary depending on the MDM product. On the Apple iOS device: 1. Open the Settings app. 2. Tap "General". 3. Tap "Profiles & Device Management". 4. Tap "Restrictions". 5. Verify "Whitelisted applications added" is present. If apps other than approved apps are listed in the iOS management tool app whitelist or the restrictions policy on the Apple iOS device from the Apple iOS management tool does not list "Whitelisted applications added", this is a finding.

Discussion

Requiring all authorized applications to be in an application whitelist prevents the execution of any applications (e.g., unauthorized, malicious) that are not part of the whitelist. Failure to configure an application whitelist properly could allow unauthorized and malicious applications to be downloaded, installed, and executed on the mobile device, causing a compromise of DoD data accessible by these applications. The application whitelist, in addition to controlling the installation of applications on the MD, must control user access/execution of all core applications (included in the operating system (OS) by the OS vendor) and pre-installed applications (provided by the MD vendor and wireless carrier), or the MD must provide an alternate method of restricting user access/execution to core and pre-installed applications. SFR ID: FMT_SMF_EXT.1.1 #10b

Fix

Configure the Apple iOS configuration profile to allow only whitelisted apps.