Detections
Analytics
AIOS-14-000500 - The mobile operating system must provide the capability for the Administrator (MDM) to perform the following management function: enable/disable VPN protection across the device and [selection: other methods].
Information
If a user is able to configure the security setting, the user could inadvertently or maliciously set it to a value that poses unacceptable risk to DoD information systems. An adversary could exploit vulnerabilities created by the weaker configuration to compromise DoD-sensitive Information.SFR ID: FMT_SMF_EXT.1.1 #3
NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.
Solution
If a third-party unmanaged VPN app is installed on the iOS 14 device, do not configure the VPN app with a DoD network VPN profile.See Also
https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Apple_iOS_iPadOS_14_V1R3_STIG.zip
Item Details
Audit Name: MobileIron - DISA Apple iOS/iPadOS 14 v1r3
Category: ACCESS CONTROL, CONFIGURATION MANAGEMENT
References: 800-53|AC-17b., 800-53|CM-6(1), 800-53|CM-6b., CAT|III, CCI|CCI-000066, CCI|CCI-000366, CCI|CCI-000370, Rule-ID|SV-228733r561031_rule, STIG-ID|AIOS-14-000500, Vuln-ID|V-228733
Plugin: MDM
Control ID: 365581980fdfd17018fd2fdc2f32e99c01c2c73be8ec3829ee898f8f670964ae