Check: AIOS-05-080103
Apple iOS 8 ISCG:
AIOS-05-080103
(in version v1 r1)
Title
Apple iOS must not store Personally Identifiable Information (PII) in Medical ID in the Health app. (Cat II impact)
Discussion
Citing Government Accountability Office GAO Report 08-536's expression of the definitions of PII from Office of Management and Budget Memorandums 07-16 and 06-19, NIST Special Publication 800-122 states, "PII is any information about an individual maintained by an agency, including (1) any information that can be used to distinguish or trace an individual's identity, such as name, social security number, date and place of birth, mother's maiden name, or biometric records; and (2) any other information that is linked or linkable to an individual, such as medical, educational, financial, and employment information." The Medical ID in the Health app contains fields for the user's name, date of birth, and medical information, including medical conditions and allergies. It also enables a user to include a personally identifying photograph and list the user's weight, both of which are listed as potential PII in NIST SP 800-122. Avoiding use of the Medical ID mitigates the risk of improper PII disclosure.
SFR ID: FMT_SMF.1.1 #42
Check Content
Review configuration settings to confirm the Medical ID in the Health app does not contain PII. This check procedure is performed on the iOS device only.
On the iOS device:
1. Open the Health app.
2. Tap "Medical ID".
3. Verify that no information has been entered into any of the listed fields.
4. Verify that there is not a photo of the user.
If the user's photo or any data appears in Medical ID, this is a finding.
Fix Text
The user must remove PII from Medical ID in the Health App.
Additional Identifiers
Rule ID:
Vulnerability ID: V-54311
Group Title:
Expert Comments
CCIs
Number | Definition
---|---
CCI-000366 | The organization implements the security configuration settings.
Controls
Number | Title
---|---
CM-6 | Configuration Settings