The EMM system supporting the iOS/iPadOS 17 BYOAD must be NIAP validated (included on the NIAP list of compliant products or products in evaluation) unless the DOD CIO has granted an approved Exception to Policy (E2P).
An XCCDF Rule
Description
<VulnDiscussion>Note: For a virtual mobile infrastructure (VMI) solution, both the client and server components must be NIAP compliant. Nonapproved EMM systems may not include sufficient controls to protect work data, applications, and networks from malware or adversary attack. EMM systems include mobile device management (MDM), mobile application management (MAM), mobile content management (MCM), or VMI. Components must only approve devices listed on the NIAP product compliant list or products listed in evaluation at the following links respectively: - https://www.niap-ccevs.org/Product/ - https://www.niap-ccevs.org/Product/PINE.cfm Reference: DOD policy "Use of Non-Government Mobile Devices". 3.a.(2). SFR ID: FMT_SMF_EXT.1.1 #47</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>
- ID
- SV-259755r943590_rule
- Severity
- High
- References
- Updated
Remediation - Manual Procedure
Only use an EMM system supporting the iOS/iPadOS 17 BYOAD that is NIAP validated (included on the NIAP list of compliant products or products in evaluation) unless the DOD CIO has granted an approved E2P.
Note: For a VMI solution, both the client and server components must be NIAP compliant.