An error occurred:

Check: AIOS-02-000017

Apple iOS 7 STIG: AIOS-02-000017 (in version v1 r2)

Title

Apple iOS must encrypt iTunes backups. (Cat II impact)

Discussion

When syncing an iOS device to a computer running iTunes, iTunes will prompt the user to back up the iOS device. If the performed backup is not encrypted, this could lead to the unauthorized disclosure of DoD sensitive information if non-DoD personnel are able to access that machine. By forcing the backup to be encrypted, this greatly mitigates the risk of compromising sensitive data. iTunes backup and USB connections to computers are not authorized, but this control provides defense-in-depth for cases in which a user violates policy either intentionally or inadvertently.

Check Content

This check procedure is performed on the iOS Over-the-Air management tool. Note: If an organization has multiple configuration profiles, then the check procedure must be performed on the relevant configuration profiles applicable to the scope of the review. In the iOS Over-the-Air management tool, verify "Force encrypted backups" is checked. For example, in Mobile Iron Admin Portal: 1. Ask the MDM administrator to display the "POLICIES & CONFIGS". 2. Click or tap on the word "Configurations". 3. Click or tap the configuration name. 4. Expand "Details" under "App Setting Details". 5. Verify "Force Encrypted Backup" is set to "true". Alternatively, verify the text "<key>forceEncryptedBackup</key><true/>" appears in the configuration profile (.mobileconfig file). On the iOS device: 1. Open the Settings app. 2. Tap "General". 3. Tap "Profiles". 4. Verify the configuration profile from the iOS Over-the-Air management tool is present. If "Force encrypted backups" is unchecked in the iOS Over-the-Air management tool, or "<key>forceEncryptedBackup</key><false/>" appears in the configuration profile, or the configuration profile from the iOS Over-the-Air management tool is not present on the iOS device, this is a finding.

Fix Text

Configure Apple iOS to force encrypted backups to iTunes. In the iOS Over-the-Air management tool, check "Force encrypted backups". For example, in Mobile Iron Admin Portal, edit the configuration and select "Force Encrypted Backup".

Additional Identifiers

Rule ID:

Vulnerability ID: V-43224

Group Title:

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.
Number Definition
CCI-000366

The organization implements the security configuration settings.

Controls

Controls tied to check. These are derived from the CCIs shown above.
Number Title
CM-6

Configuration Settings