The Apple iOS/iPadOS 16 must be supervised by the MDM.
An XCCDF Rule
Description
<VulnDiscussion>When an iOS/iPadOS is not supervised, the DoD mobile service provider cannot control when new iOS/iPadOS updates are installed on site-managed devices. Most updates should be installed immediately to mitigate new security vulnerabilities, while some sites need to test each update prior to installation to ensure critical missions are not adversely impacted by the update. Several password and data protection controls can be implemented only when an Apple device is supervised. SFR ID: FMT_SMF_EXT.1.1 #47</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>
- ID
- SV-254633r959010_rule
- Severity
- Medium
- References
- Updated
Remediation - Manual Procedure
Use one of the following methods to supervise iOS and iPadOS devices managed by the DoD mobile service provider.
Method 1:
- Register all current and new iOS and iPadOS devices in the DoD mobile service provider's Automated Device Management/Apple Business Manager (ABM) account.
- Enable supervision of managed iOS/iPadOS devices in the MDM.