
Apple iOS/iPadOS 18 Security Technical Implementation Guide

Rules, Groups, and Values defined within the XCCDF Benchmark

  • PP-MDF-993300

    Group
  • Apple iOS/iPadOS 18 must disable "Allow network drive access in Files access".

    Allowing network drive access by the Files app could lead to the introduction of malware or unauthorized software into the DOD IT infrastructure and compromise of sensitive DOD information and syst...
    Rule Medium Severity
  • PP-MDF-993300

    Group
  • Apple iOS/iPadOS 18 must disable connections to Siri servers for the purpose of dictation.

    If a user is able to configure the security setting, the user could inadvertently or maliciously set it to a value that poses unacceptable risk to DOD information systems. An adversary could exploi...
    Rule Medium Severity
  • PP-MDF-993300

    Group
  • Apple iOS/iPadOS 18 must disable connections to Siri servers for the purpose of translation.

    If a user is able to configure the security setting, the user could inadvertently or maliciously set it to a value that poses unacceptable risk to DOD information systems. An adversary could exploi...
    Rule Medium Severity
  • PP-MDF-993300

    Group
  • PP-MDF-333350

    Group
  • PP-MDF-993300

    Group
  • Apple iOS/iPadOS 18 must be configured to disable "Auto Unlock" of the iPhone by an Apple Watch.

    Auto Unlock allows an Apple Watch to automatically unlock an iPhone or Mac when in close proximity (not available for iPad). This feature allows the iPhone/Mac to be unlocked without the user enter...
    Rule Medium Severity
  • PP-MDF-993300

    Group
  • Apple iOS/iPadOS 18 must disable the installation of alternative marketplace apps.

    Forcing all applications to be installed from authorized application repositories can prevent unauthorized and malicious applications from being installed and executed on mobile devices. Allowing s...
    Rule Medium Severity
  • PP-MDF-993300

    Group
  • Apple iOS/iPadOS 18 must disable app installation from a website.

    Forcing all applications to be installed from authorized application repositories can prevent unauthorized and malicious applications from being installed and executed on mobile devices. Allowing s...
    Rule Medium Severity
  • PP-MDF-993300

    Group
  • Apple iOS/iPadOS 18 must delete eSIM content when the device is erased.

    An eSIM may contain sensitive DOD data and must be wiped of data when the mobile device is wiped to protect sensitive data from exposure. SFRID: FMT_MOF_EXT.1.2 #47
    Rule Medium Severity
  • PP-MDF-993300

    Group
  • PP-MDF-993300

    Group
  • Apple iOS/iPadOS 18 must disable the download of iOS/iPadOS beta updates.

    Beta operating system updates may contain features that could lead to the compromise of sensitive DOD information or provide a vector for the attack on the DOD network. The current STIG will not no...
    Rule Medium Severity
  • Apple iOS/iPadOS 18 must allow the administrator (MDM) to perform the following management function: enable/disable VPN protection across the device and [selection: on a per-app basis, on a per-group of applications processes basis].

    The system administrator must have the capability to configure VPN access to meet organization-specific policies based on mission needs. Otherwise, a user could inadvertently or maliciously set up ...
    Rule Low Severity
