Information
Auto Unlock allows an Apple Watch to automatically unlock an iPhone or Mac when in close proximity (not available for iPad). This feature allows the iPhone/Mac to be unlocked without the user entering the device passcode, which may give unauthorized users access to the iPhone/Mac and sensitive DOD data. This control is not applicable if the authorizing official (AO) has approved the use of Apple Watches.
SFR ID: FMT_MOF_EXT.1.2 #47
NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.
Solution
If the AO has not approved the use of Apple Watch with DOD-owned iPhones, configure the Apple iOS configuration profile to disable 'Allow auto unlock'.
The procedure for implementing this control will vary depending on the MDM/EMM used by the mobile service provider.
In the MDM console, set 'Allow auto unlock' to 'False'.
This requirement will become 'Supervised only' in a future iOS/iPadOS release.
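Because this check is not performed automatically, a reviewer can verify the setting in a profile exported from the MDM. The script below is an added example, not part of the benchmark or of any MDM product; it assumes the console's 'Allow auto unlock' option maps to the allowAutoUnlock key of Apple's Restrictions payload (com.apple.applicationaccess) and that the exported profile is an unsigned plist. The sample profiles and their identifiers are constructed.

```python
import plistlib
from xml.parsers.expat import ExpatError

RESTRICTIONS_TYPE = "com.apple.applicationaccess"  # Apple Restrictions payload type
KEY = "allowAutoUnlock"  # assumed key behind the MDM's 'Allow auto unlock' option


def check_auto_unlock(profile_bytes):
    """Return (compliant, findings) for an unsigned configuration profile."""
    try:
        profile = plistlib.loads(profile_bytes)
    except (plistlib.InvalidFileException, ExpatError) as exc:
        raise ValueError("not a plain plist; unwrap a signed profile first") from exc
    payloads = [p for p in profile.get("PayloadContent", [])
                if isinstance(p, dict) and p.get("PayloadType") == RESTRICTIONS_TYPE]
    findings, disabled = [], False
    for p in payloads:
        ident = p.get("PayloadIdentifier", "<no identifier>")
        if p.get(KEY) is False:
            disabled = True
        elif KEY in p:
            # Conservative choice: any payload that explicitly allows it is a finding.
            findings.append(f"{ident}: {KEY} is {p[KEY]!r}, expected False")
    if not disabled and not findings:
        # An absent key leaves the default in place, which allows Auto Unlock.
        findings.append(f"{KEY} not set in any Restrictions payload")
    return (disabled and not findings), findings


def sample_profile(value=None):
    """Build a constructed sample profile; identifiers are placeholders."""
    payload = {"PayloadType": RESTRICTIONS_TYPE, "PayloadVersion": 1,
               "PayloadIdentifier": "example.restrictions"}
    if value is not None:
        payload[KEY] = value
    return plistlib.dumps({"PayloadType": "Configuration",
                           "PayloadIdentifier": "example.profile",
                           "PayloadContent": [payload]})


if __name__ == "__main__":
    for label, value in (("disabled", False), ("enabled", True), ("unset", None)):
        ok, findings = check_auto_unlock(sample_profile(value))
        print(label, "PASS" if ok else "FAIL", findings)
```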
Item Details
Category: ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION
References: 800-53|AC-6(10), 800-53|IA-2(1), 800-53|IA-2(3), CAT|II, CCI|CCI-000765, CCI|CCI-000767, CCI|CCI-002235, Rule-ID|SV-258376r1015682_rule, STIG-ID|AIOS-17-014800, Vuln-ID|V-258376
Control ID: 607ccfe93bf1981f14d0b94ae14d9af4a9181fec2f697309c1ecd06c6623323f