AIOS-13-004000 - Apple iOS/iPadOS must not allow backup of managed app data to locally connected systems.

Information

Data on mobile devices is protected by numerous mechanisms, including user authentication, access control, and cryptography. When the data is backed up to an external system (either locally connected or cloud-based), many if not all of these mechanisms are no longer present. This leaves the backed-up data vulnerable to attack. Disabling backup to external systems mitigates this risk.

SFR ID: FMT_SMF_EXT.1.1 #40

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

Install a configuration profile to disable backup of managed apps.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Apple_iOS_iPadOS_13_V2R1_STIG.zip

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-6b., 800-53|CM-11b., CAT|II, CCI|CCI-000366, CCI|CCI-001806, Rule-ID|SV-219357r604137_rule, STIG-ID|AIOS-13-004000, STIG-Legacy|SV-106545, STIG-Legacy|V-97441, Vuln-ID|V-219357

Plugin: MDM

Control ID: c7f245ef1f62603ed716ad7dcb7a612b193f0de3137ee767b5f66d466d4883c8