Check: AIOS-13-011400
Apple iOS/iPadOS 13 STIG:
AIOS-13-011400
(in versions v2 r1 through v1 r1)
Title
iPhone and iPad must have the latest available iOS operating system installed. (Cat I impact)
Discussion
Required security features are not available in earlier OS versions. In addition, there may be known vulnerabilities in earlier versions. SFR ID: FMT_SMF_EXT.1.1 #47
Check Content
Review configuration settings to confirm the most recently released version of iOS is installed. This validation procedure is performed on both the Apple iOS/iPadOS management tool and the iPhone and iPad. Go to http://www.apple.com and determine the most current version of iOS released by Apple. In the MDM management console, review the version of iOS installed on a sample of managed devices. This procedure will vary depending on the MDM product. On the iPhone and iPad: 1. Open the Settings app. 2. Tap "General". 3. Tap "About" and view the installed version of iOS. 4. Go back to the "General" screen. Also, tap "Software Update" and verify the following message is shown on the screen: "Your software is up to date." If the installed version of iOS on any reviewed iOS/iPadOS devices is not the latest released by Apple, this is a finding.
Fix Text
Install the latest release version of Apple iOS/iPadOS on all managed iOS devices.
Additional Identifiers
Rule ID: SV-219375r604137_rule
Vulnerability ID: V-219375
Group Title: PP-MDF-991000
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000366 |
The organization implements the security configuration settings. |
CCI-000370 |
The organization employs automated mechanisms to centrally manage configuration settings for organization-defined information system components. |
CCI-000381 |
The organization configures the information system to provide only essential capabilities. |