Apple iOS/iPadOS 17 users must complete required training.
An XCCDF Rule
Description
<VulnDiscussion>The security posture on iOS devices requires the device user to configure several required policy rules on their device. User-Based Enforcement (UBE) is required for these controls. In addition, if the authorizing official (AO) has approved users' full access to the Apple App Store, users must receive training on risks. If a user is not aware of their responsibilities and does not comply with UBE requirements, the security posture of the iOS mobile device and DOD sensitive data may become compromised. SFR ID: NA</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>
- ID
- SV-259787r943686_rule
- Severity
- Medium
- References
- Updated
Remediation - Manual Procedure
Have all iPhone and iPad users complete training on the following topics. Users must acknowledge receipt of training via a signed User Agreement or similar written record.
Training topics:
- How to ensure "USB Restricted Mode" is disabled on Apple device.
- Operational security concerns introduced by unmanaged applications, including applications using global positioning system (GPS) tracking.
- Must ensure no DOD data is saved in an unmanaged app or transmitted from a personal app (for example, from personal email).