Check: AIOS-06-000002
Apple iOS 7 STIG: AIOS-06-000002 (in version v1 r2)
Title
An iOS app must retain the notice and consent banner on the screen until the user executes a positive action to manifest agreement by selecting a box indicating acceptance. (Cat III impact)
Discussion
To ensure notice of and consent to the terms of the DoD standard user agreement, an iOS app must display a consent banner. Additionally, the app must prevent further activity in the application unless and until the user executes a positive action to manifest agreement, such as by tapping an acceptance button in the app. By preventing access to the system until the user accepts the conditions, legal requirements are met to protect the DoD and to remind users the device is designed and implemented for business use. Additional information is found in DoD Issuance DoDI 8500.01.
Check Content
This check procedure is performed on the iOS device only.

On the iOS device:
1. Ask the MDM administrator to identify the app used to fulfill the requirement.
2. Launch the app.
3. Verify the user must perform a positive action to manifest agreement to the notice and consent banner before being allowed to perform other actions within the app.

If the MDM administrator is unable to identify an app to fulfill the requirement, if there is no banner, or if the user is able to perform actions within the app without accepting the banner statement, this is a finding.
Fix Text
Install an app that does not permit the user to perform functions in the app before accepting the notice and consent banner.
Additional Identifiers
Rule ID:
Vulnerability ID: V-43227
Group Title:
CCIs
Number | Definition |
---|---|
CCI-000050 | The information system retains the notification message or banner on the screen until users acknowledge the usage conditions and take explicit actions to log on to or further access the information system. |
Controls
Number | Title |
---|---|
AC-8 | System Use Notification |