Apple iOS must implement the management setting: Not allow a user to remove Apple iOS configuration profiles that enforce DoD security requirements.

An XCCDF Rule

Description

Configuration profiles define security policies on Apple iOS devices. If a user is able to remove a configuration profile, the user can then change the configuration that had been enforced by that policy. Relaxing security policies may introduce vulnerabilities the profiles had mitigated. Configuring a profile to never be removed mitigates this risk. SFR ID: FMT_SMF_EXT.1.1 #47

ID: SV-254636r959010_rule
Version: AIOS-16-013500
Severity: Medium
References: CCI-000366
Updated: 5 days ago

Remediation Templates

Configure the Apple iOS configuration profile such that it can never be removed.

The procedure for implementing this control will vary depending on the MDM/EMM used by the mobile service provider.

When using Apple Configurator, under "General Security", configure "Security" to "Never" and "Automatically Remove Profile" to "Never".

Apple iOS must implement the management setting: Not allow a user to remove Apple iOS configuration profiles that enforce DoD security requirements.

Description

Remediation Templates

A Manual Procedure