Check: AIOS-03-000001
Apple iOS 7 STIG, version v1 r2
Title
Only DoD PKI issued or DoD approved server authentication certificates must be installed on DoD mobile operating system devices. (Cat II impact)
Discussion
If unauthorized device authentication certificates are installed on the device, there is the potential that the device may connect to a rogue device or network. Rogue devices can mimic the behavior of authorized equipment to trick the user into providing authentication credentials, which could then in turn be used to compromise DoD information and networks. Restricting device authentication certificates to an authorized list mitigates the risk of attaching to rogue devices and networks.
Check Content
This check procedure is performed on both the iOS Over-the-Air management tool and the iOS device.

Note: If an organization has multiple configuration profiles, then the check procedure must be performed on the relevant configuration profiles applicable to the scope of the review.

In the iOS Over-the-Air management tool, verify "Certificate Inventory" has only authorized certificates installed. For example, in the Mobile Iron Admin Portal:
1. Ask the MDM administrator to display the "USERS & DEVICES".
2. Click or tap on the word "Devices".
3. Click or tap the user.
4. Click or tap the "iOS" disclosure triangle under "Device Details".
5. Click or tap "Certificate Inventory".
6. Verify the certificates listed in the "Certificate Details" window are authorized.

On the iOS device:
1. Open the Settings app.
2. Tap "General".
3. Tap "Profiles".
4. Review each "CONFIGURATION PROFILES". If only one profile is present on the device, it will appear automatically.
5. Tap "More Details".
6. Verify listed "CERTIFICATES" are authorized.

If any non-DoD-authorized certificates are present in the iOS Over-the-Air management tool or on the iOS device, this is a finding.
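The comparison at the heart of this check (every certificate in either inventory must come from an authorized issuer, and either source alone is enough to make it a finding) can be scripted once the two inventories have been exported. The following is an added example, not part of the STIG or of any MDM vendor's tooling. It assumes a constructed record format for the exported inventories and uses placeholder issuer DNs; the real MobileIron and iOS export formats are not described on this page and are not assumed here.

```python
"""Automated comparison of certificate inventories against an authorized-issuer list.

Added example for AIOS-03-000001. The inventory records and the authorized
issuer list below are constructed placeholders, not real DoD CA names and not
a real MDM export format.
"""
import re

# Constructed allowlist of authorized issuer DNs (placeholders standing in for
# the organization's DoD PKI / DoD-approved CA list).
AUTHORIZED_ISSUERS = [
    "CN=DOD-ISSUING-CA-PLACEHOLDER, OU=PKI, OU=DoD, O=U.S. Government, C=US",
]

# Constructed inventories: "mdm" mirrors the MDM "Certificate Inventory" view,
# "device" mirrors Settings > General > Profiles > More Details > CERTIFICATES.
# The same CA appears in both with different cosmetic formatting, and the
# device additionally carries a self-signed certificate that nobody authorized.
SAMPLE_INVENTORIES = {
    "mdm": [
        {"profile": "DoD Wi-Fi", "subject": "CN=wlan.example.mil",
         "issuer": "CN=DOD-ISSUING-CA-PLACEHOLDER, OU=PKI, OU=DoD, O=U.S. Government, C=US"},
    ],
    "device": [
        {"profile": "DoD Wi-Fi", "subject": "CN=wlan.example.mil",
         "issuer": "cn=dod-issuing-ca-placeholder,ou=pki,ou=dod,o=u.s. government,c=us"},
        {"profile": "Test Profile", "subject": "CN=captive-portal.local",
         "issuer": "CN=captive-portal.local"},
    ],
}


def normalize_dn(dn: str) -> str:
    """Canonicalize an X.500 DN string so cosmetic differences between the MDM
    view and the device view do not produce false findings: split on commas
    that are not backslash-escaped, trim whitespace around each RDN, and
    compare case-insensitively (the caseIgnoreMatch behaviour directories use).
    """
    rdns = [rdn.strip() for rdn in re.split(r"(?<!\\),", dn) if rdn.strip()]
    return ",".join(rdns).casefold()


def review_inventories(inventories, authorized_issuers):
    """Return one finding per certificate whose issuer is not authorized.

    `inventories` maps a source name ("mdm" or "device") to a list of
    certificate records with "profile", "subject" and "issuer" keys. A
    certificate is a finding no matter which source lists it, matching the
    STIG's "in the management tool or on the device" wording.
    """
    allowed = {normalize_dn(issuer) for issuer in authorized_issuers}
    findings = []
    for source, certs in inventories.items():
        for cert in certs:
            if normalize_dn(cert["issuer"]) not in allowed:
                findings.append({
                    "source": source,
                    "profile": cert["profile"],
                    "subject": cert["subject"],
                    "issuer": cert["issuer"],
                })
    return findings


def check_result(findings) -> str:
    """Map the finding list to the STIG status vocabulary."""
    return "Open" if findings else "Not a Finding"


if __name__ == "__main__":
    results = review_inventories(SAMPLE_INVENTORIES, AUTHORIZED_ISSUERS)
    print(f"AIOS-03-000001: {check_result(results)}")
    for f in results:
        print(f"  [{f['source']}] profile={f['profile']!r} subject={f['subject']!r} "
              f"issuer={f['issuer']!r}")
```

The DN normalization is the part worth keeping even if the rest is replaced by a vendor API call: an MDM and the device itself often render the same issuer with different spacing or case, and a naive string comparison would either flag authorized certificates or, if the reviewer relaxes the comparison by hand, let unauthorized ones through.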
Fix Text
Instruct the user of the iOS device to remove the unauthorized certificates.
Additional Identifiers
Vulnerability ID: V-43208
CCIs
Number | Definition
---|---
CCI-001159 | The organization issues public key certificates under an organization-defined certificate policy or obtains public key certificates from an approved service provider.
Controls
Number | Title
---|---
SC-17 | Public Key Infrastructure Certificates