Check: AIOS-13-001900
Apple iOS/iPadOS 13 STIG:
AIOS-13-001900
(in versions v2 r1 through v1 r1)
Title
Apple iOS/iPadOS must not display notifications (calendar information) when the device is locked. (Cat II impact)
Discussion
Many mobile devices display notifications on the lock screen so that users can obtain relevant information in a timely manner without having to frequently unlock the phone to determine if there are new notifications. However, in many cases, these notifications can contain sensitive information. Notifications on the lock screen can be viewed by an adversary merely by being in close physical proximity to the device. Configuring the MOS to not send notifications to the lock screen mitigates this risk. SFR ID: FMT_SMF_EXT.1.1 #19
Check Content
Review configuration settings to confirm "Show Today view in Lock screen" is disabled. This check procedure is performed on both the Apple iOS/iPadOS management tool and the iPhone and iPad. Note: If an organization has multiple configuration profiles, the check procedure must be performed on the relevant configuration profiles applicable to the scope of the review. In the Apple iOS/iPadOS management tool, verify "Show Today view in Lock screen" is unchecked. Alternatively, verify the text "<key>allowLockScreenTodayView</key><false/>" appears in the configuration profile (.mobileconfig file). On the iPhone and iPad: 1. Open the Settings app. 2. Tap "General". 3. Tap "Profiles & Device Management". 4. Tap the Configuration Profile from the iOS management tool containing the management policy. 5. Tap "Restrictions". 6. Verify "Today view on lock screen not allowed" is present. If the "Show Today view in Lock screen" is checked in the Apple iOS/iPadOS management tool, "<key>allowLockScreenTodayView</key><true/>" appears in the configuration profile, or the restrictions policy on the iPhone and iPad does not list "Today view on lock screen not allowed", this is a finding.
Fix Text
Install a configuration profile to disable Notification Center from the device Lock screen.
Additional Identifiers
Rule ID: SV-219355r604137_rule
Vulnerability ID: V-219355
Group Title: PP-MDF-301120
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000366 |
The organization implements the security configuration settings. |
CCI-001806 |
The organization defines methods to be employed to enforce the software installation policies. |