AIOS-14-010100 - Apple iOS/iPadOS must implement the management setting: not share location data through iCloud.

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version

Information

Sharing of location data is an operations security (OPSEC) risk because it potentially allows an adversary to determine a DoD user's location, movements, and patterns in those movements over time. An adversary could use this information to target the user or to gather intelligence on the user's likely activities. Using commercial cloud services to store and handle location data could leave the data vulnerable to breach, particularly by sophisticated adversaries. Disabling the use of such services mitigates this risk.

SFR ID: FMT_SMF_EXT.1.1 #47

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

The user must configure Apple iOS/iPadOS to disable location sharing through iCloud.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Apple_iOS_iPadOS_14_V1R2_STIG.zip

Item Details

References: CAT|II, CCI|CCI-000048, Rule-ID|SV-228763r561046_rule, STIG-ID|AIOS-14-010100, Vuln-ID|V-228763

Plugin: MDM

Control ID: 9d9ff57d4acc555cc7467bc9220f7f1b3d4cdc1849757d646e7e74ddb8417416