Apple iOS/iPadOS 17 must be configured to disable "Auto Unlock" of the iPhone by an Apple Watch.

An XCCDF Rule

Description

Auto Unlock allows an Apple Watch to automatically unlock an iPhone or Mac when in close proximity (not available for iPad). This feature allows the iPhone/Mac to be unlocked without the user entering the device passcode, which may lead to unauthorized users access to the iPhone/Mac and sensitive DOD data. This control is not applicable if the authorizing official (AO) has approved the use of Apple Watches. SFR ID: FMT_MOF_EXT.1.2 #47

ID: SV-258376r1015682_rule
Version: AIOS-17-014800
Severity: Medium
References: CCI-000765 CCI-000767 CCI-002235
Updated: 23 days ago

Remediation Templates

If the AO has not approved the use of Apple Watch with DOD-owned iPhones, configure the Apple iOS configuration profile to disable "Allow auto unlock".

The procedure for implementing this control will vary depending on the MDM/EMM used by the mobile service provider.

In the MDM console, set "Allow auto unlock" to "False".

This requirement will become "Supervised only" in a future iOS/iPadOS release.

Apple iOS/iPadOS 17 must be configured to disable "Auto Unlock" of the iPhone by an Apple Watch.

Description

Remediation Templates

A Manual Procedure