Check: AIOS-13-013800
Apple iOS/iPadOS 13 STIG:
AIOS-13-013800
(in versions v2 r1 through v1 r1)
Title
Apple iOS/iPadOS must disable Allow USB drive access in Files access if the AO has not approved the use of DoD approved USB storage drives with iOS/iPadOS devices. (Cat II impact)
Discussion
Unauthorized use of USB storage drives could lead to the introduction of malware or unauthorized software into the DoD IT infrastructure and compromise of sensitive DoD information and systems. SFR ID: FMT_SMF_EXT.1.1 #47
Check Content
This requirement is not applicable if the AO has approved the use of USB drives to load files to Apple devices. The approval must be in writing and include which USB storage devices are approved for use. If the AO has not approved the use of USB drives to load files to Apple devices, use the following procedures for verifying compliance: This a Supervised-only control. If the iPhone or iPad being reviewed is not Supervised by the MDM, this control is automatically a finding. If the iPhone or iPad being reviewed is Supervised by the MDM, review configuration settings to confirm "Allow USB drive access in Files access" is disabled. This check procedure is performed on both the device management tool and the iPhone and iPad. Note: If an organization has multiple configuration profiles, then the check procedure must be performed on the relevant configuration profiles applicable to the scope of the review. In the iOS management tool, verify "Allow USB drive access in Files access" is unchecked. On the iPhone and iPad device: 1. Open the Settings app. 2. Tap "General". 3. Tap "Profiles" or "Profiles & Device Management" or "Device Management". 4. Tap the Configuration Profile from the iOS management tool containing the restrictions policy. 5. Tap "Restrictions". 6. Verify "Allow USB drive access in Files access" is not listed. If "Allow USB drive access in Files access" is not disabled in both the management tool and on the Apple device, this is a finding.
Fix Text
If the AO has not approved the use of USB drives to load files to Apple devices, install a configuration profile to disable "Allow USB drive access in Files access".
Additional Identifiers
Rule ID: SV-219395r604137_rule
Vulnerability ID: V-219395
Group Title: PP-MDF-991000
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000097 |
The organization restricts or prohibits the use of organization-controlled portable storage devices by authorized individuals on external information systems. |
CCI-000366 |
The organization implements the security configuration settings. |
CCI-000370 |
The organization employs automated mechanisms to centrally manage configuration settings for organization-defined information system components. |