Check: AIOS-11-012300
Apple iOS 11 STIG:
AIOS-11-012300
(in versions v1 r4 through v1 r1)
Title
Apple iOS must implement the management setting: not share location data through iCloud. (Cat II impact)
Discussion
Sharing of location data is an operations security (OPSEC) risk because it potentially allows an adversary to determine a DoD user's location and movements and patterns in those movements over time. An adversary could use this information to target the user or to gather intelligence on the user's likely activities. Using commercial cloud services to store and handle location data could leave the data vulnerable to breach, particularly by sophisticated adversaries. Disabling the use of such services mitigates this risk. SFR ID: FMT_SMF_EXT.1.1 #47
Check Content
Review configuration settings to confirm "Share My Location" is disabled. Note that this is a User based Enforcement (UBE) control, which cannot be managed by an MDM server. This check procedure is performed on the Apple iOS device only. On the Apple iOS device: 1. Open the Settings app. 2. Tap "Privacy". 3. Tap "Location Services". 4. Tap "Share My Location". 5. Verify "Share My Location" is off. If "Share My Location" is toggled to the right and appears green on the Apple iOS device, this is a finding.
Fix Text
The user must configure Apple iOS to disable location sharing through iCloud.
Additional Identifiers
Rule ID: SV-93137r1_rule
Vulnerability ID: V-78431
Group Title: PP-MDF-991000
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000366 |
The organization implements the security configuration settings. |
Controls
Number | Title |
---|---|
CM-6 |
Configuration Settings |