AIOS-14-000500 - The mobile operating system must provide the capability for the Administrator (MDM) to perform the following management function: enable/disable VPN protection across the device and [selection: other methods].

Information

If a user is able to configure the security setting, the user could inadvertently or maliciously set it to a value that poses unacceptable risk to DoD information systems. An adversary could exploit vulnerabilities created by the weaker configuration to compromise DoD-sensitive Information.

SFR ID: FMT_SMF_EXT.1.1 #3

NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.

Solution

If a third-party unmanaged VPN app is installed on the iOS 14 device, do not configure the VPN app with a DoD network VPN profile.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Apple_iOS_iPadOS_14_V1R3_STIG.zip

Item Details

Category: ACCESS CONTROL, CONFIGURATION MANAGEMENT

References: 800-53|AC-17e., 800-53|CM-6(1), 800-53|CM-6b., CAT|III, CCI|CCI-000066, CCI|CCI-000366, CCI|CCI-000370, Rule-ID|SV-228733r561031_rule, STIG-ID|AIOS-14-000500, Vuln-ID|V-228733

Plugin: MDM

Control ID: 7c1005ef6c722fde018dbae8f5b0eb93107b42e7dde33c99c2a0cfed9dabd0d5