Check: AIOS-12-012500
Apple iOS 12 STIG:
AIOS-12-012500
(in versions v2 r1 through v1 r1)
Title
Apple iOS must implement the management setting: enable USB Restricted Mode. (Cat II impact)
Discussion
The USB (Lightning) port on an iOS device can be used to access data on the device. USB Restricted Mode ensures the device passcode must be entered before a previously trusted USB accessory can connect to a locked device. SFR ID: FMT_SMF_EXT.1.1 #47
Check Content
Review configuration settings to confirm USB Restricted Mode is enabled.

Note: This is a User Based Enforcement (UBE) control unless Supervised mode has been implemented on the iOS device. This check procedure is performed on the Apple iOS device (non-Supervised) or on the Apple iOS management tool (Supervised).

If the device is not Supervised, on the Apple iOS device:
1. Open the Settings app.
2. Tap "Touch ID & Passcode" or "Face ID & Passcode".
3. Scroll down to the "USB Accessories" setting.
4. Verify the "USB Accessories" setting is off.

If the device is Supervised, in the Apple iOS management tool, verify "Allow USB Accessories while device is locked" is unchecked (disabled). A checked box permits accessories to connect to a locked device, which is the opposite of the required state.

Note: The label for this configuration setting varies between MDM products. Ensure the setting is configured to block USB accessory connections unless the device passcode is entered.

If the "USB Accessories" setting on the iOS device is not off, or "Allow USB Accessories while device is locked" is checked on the iOS management tool, this is a finding.
Fix Text
If the iOS device is not Supervised, the user must turn off "USB Accessories" on their iOS device. If the iOS device is Supervised, uncheck (disable) "Allow USB Accessories while device is locked" on the Apple iOS management tool. Note: The label for this configuration setting varies between MDM products. Ensure the setting is configured to block USB accessory connections unless the device passcode is entered.
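For Supervised devices, the MDM checkbox above is backed by Apple's Restrictions payload (PayloadType com.apple.applicationaccess) and its documented key allowUSBRestrictedMode, which disables USB Restricted Mode when set to false. The following script is an added example, not DISA or Apple code, that audits an exported, unsigned .mobileconfig plist for that key so the Supervised half of the check can be run against profile exports instead of by inspecting each MDM console. The sample profiles it builds are constructed for the example; the PayloadIdentifier and PayloadUUID values are placeholders.

```python
"""Audit exported iOS configuration profiles (.mobileconfig plists) for the
Supervised-device side of AIOS-12-012500. Added example; not DISA or Apple code.
Runs offline against constructed sample profiles."""
import plistlib

# Apple's Restrictions payload type and the documented key that backs the MDM
# checkbox "Allow USB accessories while device is locked". Apple's default is
# true (USB Restricted Mode remains available); false disables the mode on
# Supervised devices, which is the non-compliant state for this check.
RESTRICTIONS_PAYLOAD_TYPE = "com.apple.applicationaccess"
USB_RESTRICTED_MODE_KEY = "allowUSBRestrictedMode"


def assess_usb_restricted_mode(profile_bytes):
    """Return "finding", "compliant" or "unmanaged" for one profile.

    finding    - a Restrictions payload sets allowUSBRestrictedMode to false
                 (the checkbox is checked; accessories connect while locked).
    compliant  - the key is explicitly true in a Restrictions payload.
    unmanaged  - no Restrictions payload carries the key; Apple's default
                 (true) applies, but the MDM is not asserting it.
    """
    profile = plistlib.loads(profile_bytes)
    status = "unmanaged"
    for payload in profile.get("PayloadContent", []):
        if payload.get("PayloadType") != RESTRICTIONS_PAYLOAD_TYPE:
            continue
        value = payload.get(USB_RESTRICTED_MODE_KEY)
        if value is False:
            return "finding"  # any payload disabling the mode is a finding
        if value is True:
            status = "compliant"
    return status


def make_sample_profile(allow_usb_restricted_mode):
    """Build a constructed sample profile (not exported from any real MDM).
    Pass True, False, or None to omit the key entirely."""
    restrictions = {
        "PayloadType": RESTRICTIONS_PAYLOAD_TYPE,
        "PayloadVersion": 1,
        # Placeholder identifiers; a real MDM generates its own.
        "PayloadIdentifier": "com.example.restrictions.usb",
        "PayloadUUID": "11111111-2222-4333-8444-555555555555",
    }
    if allow_usb_restricted_mode is not None:
        restrictions[USB_RESTRICTED_MODE_KEY] = allow_usb_restricted_mode
    profile = {
        "PayloadType": "Configuration",
        "PayloadVersion": 1,
        "PayloadIdentifier": "com.example.profile.usb",
        "PayloadUUID": "66666666-7777-4888-8999-aaaaaaaaaaaa",
        "PayloadDisplayName": "Constructed sample profile",
        "PayloadContent": [restrictions],
    }
    return plistlib.dumps(profile)  # XML plist, like an unsigned MDM export


if __name__ == "__main__":
    for label, value in (("compliant", True), ("finding", False), ("unmanaged", None)):
        print(label, "->", assess_usb_restricted_mode(make_sample_profile(value)))
```

The script expects an unsigned plist; MDMs that export CMS-signed profiles need the signature stripped first (for example with openssl smime -verify) before plistlib can parse them. Apple documents the key only as disabling the mode when false, so an "unmanaged" or "compliant" result confirms the MDM is not weakening the setting, and the on-device "USB Accessories" toggle should still be verified as the check procedure describes.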
Additional Identifiers
Rule ID: SV-96555r1_rule
Vulnerability ID: V-81841
Group Title: PP-MDF-991000
CCIs
Number | Definition
---|---
CCI-000097 | The organization restricts or prohibits the use of organization-controlled portable storage devices by authorized individuals on external information systems.
CCI-000366 | The organization implements the security configuration settings.
CCI-000370 | The organization employs automated mechanisms to centrally manage configuration settings for organization-defined information system components.